Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 245409 - [science overlay] New Package: x11-libs/xview-3.2p1.4-19c
Summary: [science overlay] New Package: x11-libs/xview-3.2p1.4-19c
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: Normal enhancement (vote)
Assignee: Default Assignee for New Packages
Whiteboard: Science overlay
Keywords: EBUILD, InOverlay
Depends on:
Blocks: 88334 244190 245408
  Show dependency tree
Reported: 2008-11-03 15:18 UTC by Justin Lecher (RETIRED)
Modified: 2011-06-20 06:19 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

xview-3.2-r6.ebuild.diff (xview-3.2-r6.ebuild.diff,2.72 KB, text/plain)
2008-11-04 09:55 UTC, Justin Lecher (RETIRED)
xview-3.2-r6.ebuild.patch (xview-3.2-r6.ebuild.patch,3.51 KB, patch)
2008-12-02 18:11 UTC, Peter Volkov (RETIRED)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Justin Lecher (RETIRED) gentoo-dev 2008-11-03 15:18:15 UTC
From Changelog from debian

                 xview (3.2p1.4-19) unstable; urgency=high

  * Applied patch from security team to fix security hole:
    Fixed buffer overflows [lib/libxview/base/xv_parse.c, CAN-2005-0076]
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2008-11-03 17:35:15 UTC
It's maintainer-needed, I'm afraid.
Comment 2 Justin Lecher (RETIRED) gentoo-dev 2008-11-03 17:53:26 UTC
(In reply to comment #1)
> It's maintainer-needed, I'm afraid.

I would take it over, if I get the opportunity to do so.
Comment 3 Justin Lecher (RETIRED) gentoo-dev 2008-11-03 18:52:58 UTC
Version bump goes nearly clean. I will post the ebuild tomorrow or on wednesday.
Comment 4 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2008-11-03 23:58:44 UTC
If there is a new ebuild, hopefully then we don't have to remove it as suggested in bug 244190
Comment 5 Justin Lecher (RETIRED) gentoo-dev 2008-11-04 09:47:50 UTC
I don't know if it fixes this. 
I personally need xview for nmrpipe, which is although it is binary distributed a very useful package with very, very less good alternatives. And nearly 60% of the functionality rely on X support. Nevertheless I will suggest a patch for nmrpipe with a X USEflag. If someone could test the patched ebuild on glibc-2.8 system?
Comment 6 Justin Lecher (RETIRED) gentoo-dev 2008-11-04 09:55:37 UTC
Created attachment 170708 [details]

The CAN...patch is included from upstream.
Comment 7 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2008-11-11 05:15:55 UTC
(In reply to comment #6)
> Created an attachment (id=170708) [edit]
> xview-3.2-r6.ebuild.diff
> The CAN...patch is included from upstream.

Applied diff to xview-3.2-r6.ebuild in my ~x86 chroot and still failed with glibc-2.8. (same error)
Comment 8 Robert Buchholz (RETIRED) gentoo-dev 2008-11-11 16:48:42 UTC
What is this bug report about? It was my understanding we apply a patch for CVE-2005-0076 since 2005 when bug #78118 was fixed.
Comment 9 Justin Lecher (RETIRED) gentoo-dev 2008-11-11 18:26:43 UTC
(In reply to comment #8)
> What is this bug report about? It was my understanding we apply a patch for
> CVE-2005-0076 since 2005 when bug #78118 was fixed.

I just saw that there is a newer version, so I wrote a bump request. While investigating the Changelog I saw that it fixes an security issue. Didn't get that we are fixing this for a long time. Sorry, than just a bump request.
Comment 10 Christian Hoffmann (RETIRED) gentoo-dev 2008-11-11 18:37:04 UTC
Moving away from security then...
Comment 11 Peter Volkov (RETIRED) gentoo-dev 2008-12-02 18:11:22 UTC
Created attachment 174083 [details, diff]

Well, this is my version of patch for version bump. It fixes glibc issue. Also upstream states that bug 88334 is fixed in this version and partially this ebuild fixes bug 245408. But after successful merge I failed to start textedit with the following error:

camobap-unstable ~ # textedit
XView warning: Cannot load font '-b&h-lucida-medium-r-*-*-*-120-*-*-*-*-*-*' (Font package)
XView warning: Cannot load font '-b&h-lucida-medium-r-normal-sans-*-120-*-*-*-*-*-*' (Font package)
XView error: Cannot open connection to window server: :0.0 (Server package)

Possibly that's because there are some problems in my chroot, although some other X11 applications work... So I'm not going to bump it but maybe anybody finds useful this patch here.
Comment 12 Samuli Suominen (RETIRED) gentoo-dev 2008-12-02 20:23:10 UTC
# Samuli Suominen <> (02 Dec 2008)
# Masked by treecleaners for bugs 88334, 244190, 245408 and 245409.
# Removed in ~60 days.
Comment 13 Samuli Suominen (RETIRED) gentoo-dev 2008-12-02 20:32:37 UTC
Unmask when it's fixed in tree, or committed to Sunrise.
Comment 14 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2008-12-30 17:05:08 UTC
(this is an automated message based on filtering criteria that matched this bug)

Hello, The Gentoo Team would like to firstly thank you for your ebuild submission. We also apologize for not being able to accommodate you in a timely manor. There are simply too many new packages.

Allow me to use this opportunity to introduce you to Gentoo Sunrise. The sunrise overlay[1] is a overlay for Gentoo which we allow trusted users to commit to and all users can have ebuilds reviewed by Gentoo devs for entry into the overlay. 
So, the sunrise team is suggesting that you look into this and submit your ebuild to the overlay where even *you* can commit to. =)

Because this is a mass message, we are also asking you to be patient with us. We anticipate a large number of requests in a short time. 

On behalf of the Gentoo Sunrise Team,

Comment 15 Justin Lecher (RETIRED) gentoo-dev 2009-02-03 16:42:10 UTC
I added this to sci overlay including the nmrpipe package. Thanks to pva for his patch which works fine for gcc-4.3.3 and glibc.2.8.