From the Changelog from Debian:
xview (3.2p1.4-19) unstable; urgency=high
* Applied patch from security team to fix security hole:
Fixed buffer overflows [lib/libxview/base/xv_parse.c, CAN-2005-0076]
It's maintainer-needed, I'm afraid.
(In reply to comment #1)
> It's maintainer-needed, I'm afraid.
I would take it over, if I get the opportunity to do so.
Version bump goes nearly clean. I will post the ebuild tomorrow or on Wednesday.
If there is a new ebuild, hopefully then we don't have to remove it as suggested in bug 244190.
I don't know if it fixes this.
I personally need xview for nmrpipe, which, although it is distributed as a binary, is a very useful package with very, very few good alternatives. And nearly 60% of the functionality relies on X support. Nevertheless I will suggest a patch for nmrpipe with an X USE flag. Could someone test the patched ebuild on a glibc-2.8 system?
Created attachment 170708
The CAN...patch is included from upstream.
(In reply to comment #6)
> Created an attachment (id=170708) 
> The CAN...patch is included from upstream.
Applied diff to xview-3.2-r6.ebuild in my ~x86 chroot and still failed with glibc-2.8. (same error)
What is this bug report about? It was my understanding we apply a patch for CVE-2005-0076 since 2005 when bug #78118 was fixed.
(In reply to comment #8)
> What is this bug report about? It was my understanding we apply a patch for
> CVE-2005-0076 since 2005 when bug #78118 was fixed.
I just saw that there is a newer version, so I wrote a bump request. While investigating the Changelog I saw that it fixes a security issue. Didn't get that we have been fixing this for a long time. Sorry, then just a bump request.
Moving away from security then...
Created attachment 174083
Well, this is my version of the patch for the version bump. It fixes the glibc issue. Also upstream states that bug 88334 is fixed in this version, and this ebuild partially fixes bug 245408. But after a successful merge I failed to start textedit with the following error:
camobap-unstable ~ # textedit
XView warning: Cannot load font '-b&h-lucida-medium-r-*-*-*-120-*-*-*-*-*-*' (Font package)
XView warning: Cannot load font '-b&h-lucida-medium-r-normal-sans-*-120-*-*-*-*-*-*' (Font package)
XView error: Cannot open connection to window server: :0.0 (Server package)
Possibly that's because there are some problems in my chroot, although some other X11 applications work... So I'm not going to bump it, but maybe somebody will find this patch useful.
# Samuli Suominen <firstname.lastname@example.org> (02 Dec 2008)
# Masked by treecleaners for bugs 88334, 244190, 245408 and 245409.
# Removed in ~60 days.
Unmask when it's fixed in tree, or committed to Sunrise.
(this is an automated message based on filtering criteria that matched this bug)
Hello, The Gentoo Team would like to firstly thank you for your ebuild submission. We also apologize for not being able to accommodate you in a timely manner. There are simply too many new packages.
Allow me to use this opportunity to introduce you to Gentoo Sunrise. The sunrise overlay is an overlay for Gentoo which we allow trusted users to commit to and all users can have ebuilds reviewed by Gentoo devs for entry into the overlay.
So, the sunrise team is suggesting that you look into this and submit your ebuild to the overlay where even *you* can commit to. =)
Because this is a mass message, we are also asking you to be patient with us. We anticipate a large number of requests in a short time.
On behalf of the Gentoo Sunrise Team,
I added this to the sci overlay, including the nmrpipe package. Thanks to pva for his patch, which works fine for gcc-4.3.3 and glibc-2.8.