Bug 204760 - dev-db/postgresql Multiple vulnerabilities (CVE-2007-{4769,4772,6067,6600,6601})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High critical
Assignee: Gentoo Security
URL: http://www.postgresql.org/about/news.905
Whiteboard: A1 [glsa]
Keywords: SECURITY
Duplicates: 205111
Depends on: 194098
Blocks:
Reported: 2008-01-07 15:17 UTC by Kerin Millar
Modified: 2020-04-04 10:14 UTC (History)
Attachments
postgresql 8.2.6 and libpq 8.2.6 ebuild patch conf and init files (postgresql-8.2.6.ebuilds.tar.bz2,8.49 KB, application/octet-stream)
2008-01-12 21:24 UTC, Michael Kefeder
postgresql-7.3.21-build.log (build.log,361.25 KB, text/plain)
2008-01-15 19:40 UTC, Angelo Arrifano (RETIRED)

Description Kerin Millar 2008-01-07 15:17:32 UTC
Five vulnerabilities deemed "critical" have been addressed in PostgreSQL. The fixed versions are 8.2.6, 8.1.11, 8.0.15, 7.4.19, 7.3.21. Ergo, all versions currently in portage are affected and need to be updated.

The following text is reproduced from the announcement:

Index Functions Privilege Escalation (CVE-2007-6600): as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as "expression indexes". This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Both of these holes have now been closed.

Regular Expression Denial-of-Service (CVE-2007-4772, CVE-2007-6067, CVE-2007-4769): three separate issues in the regular expression libraries used by PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend. All of these issues have been patched.

DBLink Privilege Escalation (CVE-2007-6601): DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle (see CVE-2007-3278), but that patch failed to close all forms of the loophole.
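
A configuration check for the DBLink precondition described in the announcement above (CVE-2007-6601), as an added example that is not part of the original bug report or of PostgreSQL's own tooling: it parses a pg_hba.conf and lists the records that let local connections (Unix socket or loopback) authenticate with trust or ident. The sample file and all function names are constructed for illustration; hostnames other than localhost and IPv6 records written with a separate mask field are not evaluated.

```python
import ipaddress
import shlex
from collections import namedtuple

# Methods the announcement names as the precondition for CVE-2007-6601.
RISKY_METHODS = {"trust", "ident"}
HOST_TYPES = {"host", "hostssl", "hostnossl"}

# Constructed sample, not taken from any real system.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER      ADDRESS [MASK]             METHOD
local   all       postgres                             ident sameuser
local   all       all                                  md5
host    all       all       127.0.0.1/32               trust
host    all       all       ::1/128                    md5
host    app       appuser   10.0.0.0 255.0.0.0         trust
host    all       all       0.0.0.0/0                  md5
hostssl all       all       127.0.0.1 255.255.255.255  ident sameuser
"""

Finding = namedtuple("Finding", "lineno conn_type database user address method")

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def _reaches_loopback(address, mask=None):
    """True if a host record's address range includes a loopback address."""
    if address in ("all", "samehost", "localhost"):
        return True
    try:
        spec = f"{address}/{mask}" if mask else address
        net = ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return False  # other hostnames and IPv6 mask fields are not resolved
    loopback = "127.0.0.0/8" if net.version == 4 else "::1/128"
    return net.overlaps(ipaddress.ip_network(loopback))

def audit_pg_hba(text):
    """Return records that allow local connections with trust or ident."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = shlex.split(line, comments=True)  # drops '#' comments
        if not fields:
            continue
        conn_type, mask = fields[0], None
        if conn_type == "local" and len(fields) >= 4:
            address, method, is_local = "(unix socket)", fields[3], True
        elif conn_type in HOST_TYPES and len(fields) >= 5:
            # Two layouts: "ADDRESS/PREFIX METHOD" or "ADDRESS MASK METHOD".
            if "/" not in fields[3] and len(fields) >= 6 and _is_ip(fields[4]):
                mask = fields[4]
            address = fields[3]
            method = fields[5] if mask else fields[4]
            is_local = _reaches_loopback(address, mask)
        else:
            continue
        if is_local and method in RISKY_METHODS:
            shown = f"{address}/{mask}" if mask else address
            findings.append(
                Finding(lineno, conn_type, fields[1], fields[2], shown, method))
    return findings

if __name__ == "__main__":
    for f in audit_pg_hba(SAMPLE_PG_HBA):
        print(f"line {f.lineno}: {f.conn_type} {f.address} -> {f.method}")
```

Per the announcement, flagged records only matter for this issue when the optional DBLink module is installed, and password authentication for local access removes the precondition.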
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-01-07 17:06:01 UTC
Thanks for the report.

Postgresql herd, please advise.
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2008-01-09 20:08:45 UTC
*** Bug 205111 has been marked as a duplicate of this bug. ***
Comment 3 Michael Kefeder 2008-01-12 21:24:55 UTC
Created attachment 140829 [details]
postgresql 8.2.6 and libpq 8.2.6 ebuild patch conf and init files

I started off using the 8.2.5 ebuilds from postgresql-testing and changed the SRC_URI to only use postgresql-8.2.6.tar.bz2 as file. Worked for me.
Comment 4 Martin Jackson (RETIRED) gentoo-dev 2008-01-13 00:48:56 UTC
(In reply to comment #3)
> Created an attachment (id=140829) [edit]
> postgresql 8.2.6 and libpq 8.2.6 ebuild patch conf and init files
> I started off using the 8.2.5 ebuilds from postgresql-testing and changed the
> SRC_URI to only use postgresql-8.2.6.tar.bz2 as file. worked for me.

Thanks for the ebuilds.  I am testing and working on committing them now.
Comment 5 Martin Jackson (RETIRED) gentoo-dev 2008-01-13 01:47:02 UTC
The 8.2.6 ebuilds are now committed.  I'll try to work on bumping the other versions tomorrow - our stable target should be 8.0.15; I'll post to this bug when that's committed.

Thanks, Marty.
Comment 6 Martin Jackson (RETIRED) gentoo-dev 2008-01-13 19:37:33 UTC
8.0.15 ebuilds are now committed.  Based on what we've got in the tree now, the 7.4 and 7.3 branches should also be stable targets.  I'll get going on those, and finally 8.1.  7.4 and 7.3 should be committed today - hopefully 8.1 too, if I can get it done (my dev box is old and slow).  Meanwhile, arches can start with 8.0.15.  Thanks, Marty.
Comment 7 Martin Jackson (RETIRED) gentoo-dev 2008-01-13 20:16:09 UTC
7.4.19 ebuilds committed.  Thanks, Marty

Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-01-13 20:45:48 UTC
Thx Martin. 

Since this is pretty serious I'm calling arches to start testing before all branches are fixed. Target keywords so far are:

postgresql-7.4.19.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86"
postgresql-8.0.15.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86"

Comment 9 Markus Meier gentoo-dev 2008-01-13 21:24:19 UTC
>>> Unpacking postgresql-7.4.19.tar.bz2 to /var/tmp/portage/dev-db/libpq-7.4.19/work
 * Applying libpq-7.4.19-gentoo.patch ...

 * Failed Patch: libpq-7.4.19-gentoo.patch !
 *  ( /usr/portage/dev-db/libpq/files/libpq-7.4.19-gentoo.patch )
 *
 * Include in your bugreport the contents of:
 *
 *   /var/tmp/portage/dev-db/libpq-7.4.19/temp/libpq-7.4.19-gentoo.patch-30816.out

 *
 * ERROR: dev-db/libpq-7.4.19 failed.
 * Call stack:
 *             ebuild.sh, line 1701:  Called dyn_unpack
 *             ebuild.sh, line  817:  Called qa_call 'src_unpack'
 *             ebuild.sh, line   44:  Called src_unpack
 *   libpq-7.4.19.ebuild, line   44:  Called epatch '/usr/portage/dev-db/libpq/files/libpq-7.4.19-gentoo.patch'
 *         eutils.eclass, line  304:  Called die
 * The specific snippet of code:
 *                              die "Failed Patch: ${patchname}!"
 *  The die message:
 *   Failed Patch: libpq-7.4.19-gentoo.patch!

(8.0.15 applies without problems)
Comment 10 Martin Jackson (RETIRED) gentoo-dev 2008-01-13 21:29:44 UTC
Commits for 8.1.11 and 7.3.21 are now done.

7.3.21 is the stable target for that branch.

Also, upstream has advised that 7.3.21 will be the last upstream release of the
7.3 branch.

Thanks, Marty.

I'll take a look at the 7.4.19 problem.
Comment 11 Martin Jackson (RETIRED) gentoo-dev 2008-01-13 21:55:16 UTC
The libpq problem had to do with me not adding the files with -ko.  It also affected 7.3.21.  Fixes for both are committed now.

Thanks, Marty
Comment 12 Markus Meier gentoo-dev 2008-01-13 23:23:48 UTC
~dev-db/libpq-8.1.11 seems to be missing - I can't commit postgresql stable (on x86). repoman is complaining...
and btw, all patches apply fine now.
Comment 13 Christian Faulhammer (RETIRED) gentoo-dev 2008-01-13 23:51:25 UTC
stable on x86, on behalf of maekke...libpq 8.1.11 is missing and "Ebuild has redundant cd ${S} statement on line:" Check your repoman output.
Comment 14 Brent Baude (RETIRED) gentoo-dev 2008-01-14 01:16:42 UTC
7.3.21 ppc64 stable now.  Will wait on db/libpq-8.1.11 to complete the db side too.
Comment 15 Martin Jackson (RETIRED) gentoo-dev 2008-01-14 02:12:23 UTC
Grr...sorry about 8.1.11.  I don't know how I missed that.  It's committed now, and I fixed the unquoted errors in the 7.4 libpq ebuilds.  Once keywording has settled, I'll fix the rest of the repoman warnings.
Comment 16 Jeroen Roovers (RETIRED) gentoo-dev 2008-01-14 15:37:47 UTC
Is it true that 8.1* is not a stabilisation target? Even if it were, with 8.1.11 in the tree, 8.1.9 could now be removed safely (i.e. without upsetting anyone).
Comment 17 Angelo Arrifano (RETIRED) gentoo-dev 2008-01-14 19:47:56 UTC
dev-db/libpq-7.4.19  USE="nls pam readline ssl zlib -kerberos"
dev-db/postgresql-7.4.19  USE="doc nls pam python readline ssl test zlib -kerberos -perl -pg-intdatetime (-selinux) -tcl -xml"

* Emerges on AMD64.
* Test phase enabled.
* Works.

- -

Portage 2.1.3.19 (default-linux/amd64/2007.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.23-gentoo-r3 x86_64)
=================================================================
System uname: 2.6.23-gentoo-r3 x86_64 AMD Turion(tm) 64 X2 Mobile Technology TL-56
Timestamp of tree: Mon, 14 Jan 2008 13:30:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
app-shells/bash:     3.2_p17-r1
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.10-r5
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.23-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -Os -msse3 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=k8 -Os -msse3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="collision-protect distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://213.186.33.38/gentoo-distfiles/ http://213.186.33.37/gentoo-distfiles/"
LANG="C"
LC_ALL="C"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X a52 aac acpi alsa amd64 amr amrnb amrwb bash-completion berkdb bitmap-fonts branding bzip2 cairo cli cracklib crypt cups dbus divx doc dvd dvdr emerald ffmpeg firefox flac fortran gd gdbm gif glade glib glitz gtk gtkspell hal hddtemp iconv insecure-savers isdnlog javascript jpeg jpeg2k kqemu libcaca libnotify midi mmx mmxext mp2 mp3 mp4 mpeg mplayer mudflap musicbrainz mysql ncurses nls nptl nptlonly offensive ogg opengl openmp pam pcre png pppd python quicktime readline realmedia reflection samba sdl session smp spell spl sse sse2 ssl stream svg syslog taglib tcpd threads truetype truetype-fonts type1 type1-fonts unicode v4l v4l2 vhosts vim-syntax vorbis wmp xcomposite xorg xosd xpm xscreensaver xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev synaptics joystick" KERNEL="linux" LCD_DEVICES="xosd" USERLAND="GNU" VIDEO_CARDS="nv nvidia none"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 18 Jeroen Roovers (RETIRED) gentoo-dev 2008-01-15 14:37:49 UTC
All three stable for HPPA.
Comment 19 Robert Buchholz (RETIRED) gentoo-dev 2008-01-15 16:35:44 UTC
Here's the keyword situation:

(vulnerable)     -> (not vulnerable)
7.3.19   ( arch) -> 7.3.21
7.4.17   ( arch) -> 7.4.19
8.0.13   ( arch) -> 8.0.15
8.1.9    (~arch) -> 8.1.11
8.2.4-r1 (~arch) -> 8.2.6


Stable targets for all arches are:
=dev-db/postgresql-7.3.21
=dev-db/postgresql-7.4.19
=dev-db/postgresql-8.0.15

(and their corresponding libpq's)
Comment 20 Brent Baude (RETIRED) gentoo-dev 2008-01-15 17:18:17 UTC
Ok, I *think* ppc64 is cool now.  Readd if not.
Comment 21 Raúl Porcel (RETIRED) gentoo-dev 2008-01-15 18:58:55 UTC
alpha/ia64/sparc stable
Comment 22 Angelo Arrifano (RETIRED) gentoo-dev 2008-01-15 19:40:55 UTC
Created attachment 141001 [details]
postgresql-7.3.21-build.log

Thanks Robert, that clarified things a lot.

dev-db/libpq-7.3.21 USE="nls pam readline ssl zlib -kerberos -pg-intdatetime%"
dev-db/postgresql-7.3.21  USE="doc nls pam python readline ssl test zlib -kerberos -perl -pg-intdatetime (-selinux) -tcl -xml"

* Test phase enabled.
* Failed to emerge.. (build.log attached)

>>> Completed installing postgresql-7.3.21 into /var/tmp/portage/dev-db/postgresql-7.3.21/image/

ecompressdir: bzip2 -9 usr/share/man
strip: x86_64-pc-linux-gnu-strip --strip-unneeded -R .comment
(...)
   usr/lib64/postgresql/timetravel.so
   usr/lib64/postgresql/string_io.so
   usr/lib64/postgresql/tablefunc.so
   usr/lib64/postgresql/tsearch.so
   usr/lib64/postgresql/user_locks.so
   usr/lib64/libecpg.so.3.4.1
   usr/lib/python2.4/site-packages/_pgmodule.so
   usr/lib64/libecpg.a

 * QA Notice: Package has poor programming practices which may compile
 *            fine but exhibit random runtime failures.
 * query.c:239: warning: implicit declaration of function 'tolower'

Files matching a file type that is not allowed:
   usr/lib/python2.4/site-packages/_pgmodule.so
 * 
 * ERROR: dev-db/postgresql-7.3.21 failed.
 * Call stack:
 *   misc-functions.sh, line 576:  Called install_qa_check
 *   misc-functions.sh, line 352:  Called die
 * The specific snippet of code:
 *              [[ ${abort} == yes ]] && die "multilib-strict check failed!"
 *  The die message:
 *   multilib-strict check failed!

Comment 23 Angelo Arrifano (RETIRED) gentoo-dev 2008-01-15 19:58:02 UTC
dev-db/libpq-8.0.15  USE="nls pam readline ssl threads zlib -kerberos -pg-intdatetime"
dev-db/postgresql-8.0.15  USE="doc nls pam python readline ssl test zlib -kerberos -perl -pg-intdatetime (-selinux) -tcl -xml"

* Emerges on AMD64.
* Test phase enabled.
* Works.

Comment 24 Angelo Arrifano (RETIRED) gentoo-dev 2008-01-15 20:40:47 UTC
(In reply to comment #22)

Adding the following line to the ebuild fixes the multilib failure:

sed -i -e "s/\/lib\/python/\/$(get_libdir)\/python/" configure
Comment 25 Tobias Scherbaum (RETIRED) gentoo-dev 2008-01-15 20:59:11 UTC
ppc stable
Comment 26 Martin Jackson (RETIRED) gentoo-dev 2008-01-16 06:16:08 UTC
(In reply to comment #24)
> (In reply to comment #22)
> Adding the following line to the ebuild fixes the multilib failure:
> sed -i -e "s/\/lib\/python/\/$(get_libdir)\/python/" configure

OK, this patch is committed to the 7.3.21 ebuild.  I don't have an AMD64 to test on, but it compiled cleanly on my x86.

I've also removed 8.1.9 and 8.2.4, since they're vulnerable and not stable targets for this exercise.
Comment 27 Peter Weller (RETIRED) gentoo-dev 2008-01-16 15:15:02 UTC
amd64 all done.
Comment 28 Peter Weller (RETIRED) gentoo-dev 2008-01-16 15:58:08 UTC
I lied. Missed out 7.4, but that's just been fixed.
Comment 29 Robert Buchholz (RETIRED) gentoo-dev 2008-01-20 00:00:13 UTC
All arches are fine, GLSA request filed.
Comment 30 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2008-01-29 22:59:49 UTC
and glsa 200801-15 sent, thanks everyone