591210 – media-gfx/ufraw-0.22 stable request

Bug 591210 - media-gfx/ufraw-0.22 stable request

Summary: media-gfx/ufraw-0.22 stable request

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:	STABLEREQ

Depends on:
Blocks:	549344
	Show dependency tree

Reported:	2016-08-13 19:56 UTC by stqn
Modified:	2017-02-01 01:52 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	=media-gfx/ufraw-0.22
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description stqn 2016-08-13 19:56:54 UTC

Hi,

ufraw 0.22 was released in june 2015 and commited to portage in august 2015. It doesn’t have any open bug in this bugtracker.

With the current stable ufraw 0.20 I get corrupt pictures when opening my PEF files, but using 0.22 solves the issue (amd64).

According to the official changelog at http://ufraw.sourceforge.net/, versions 0.21 and 0.22 solve many bugs, including CVE-2015-3885 (bug #549344).

For these reasons stabilizing ufraw 0.22 seems like a good idea to me.

Comment 1 Markus Meier gentoo-dev

2016-11-02 17:55:10 UTC

Arches, please go ahead. No reported regressions and in tree for a long time. Thanks in advance!

Comment 2 Markus Meier gentoo-dev

2016-11-13 08:45:23 UTC

arm stable

Comment 3 Tobias Klausmann (RETIRED) gentoo-dev

2016-11-15 15:34:16 UTC

Stable on alpha.

Comment 4 Tobias Klausmann (RETIRED) gentoo-dev

2016-12-20 14:03:34 UTC

Stable on amd64.

Comment 5 Bob Paddock 2016-12-24 16:58:50 UTC

There seems to be a missing dependency, can same one tell me what I need to install, please?


... undefined reference to `Exiv2::Metadatum::print ...


x86_64-pc-linux-gnu-g++  -mtune=generic -O2 -pipe -fopenmp  -Wl,-O1 -Wl,--sort-common -Wl,--as-needed -o ufraw-batch  ufraw-batch.o libufraw.a  -L/usr/lib -lexiv2   -lgthread-2.0 -pthread -lglib-2.0   -llcms2   -llensfun   -ltiff   -lpng16     -ljpeg -lbz2 -lz -lm  

x86_64-pc-linux-gnu-g++  -mtune=generic -O2 -pipe -fopenmp  -Wl,-O1 -Wl,--sort-common -Wl,--as-needed -o ufraw ufraw-ufraw.o libufraw.a  -L/usr/lib -lexiv2   -lgthread-2.0 -pthread -lglib-2.0   -llcms2   -llensfun   -ltiff   -lpng16     -lgtkimageview -lgtk-x11-2.0 -lgdk-x11-2.0 -lpangocairo-1.0 -latk-1.0 -lcairo -lgdk_pixbuf-2.0 -lgio-2.0 -lpangoft2-1.0 -lpango-1.0 -lgobject-2.0 -lglib-2.0 -lfontconfig -lfreetype   -ljpeg -lbz2 -lz -lm  

libufraw.a(ufraw_exiv2.o): In function `uf_strlcpy_to_utf8(char*, unsigned long, std::_List_const_iterator<Exiv2::Exifdatum>, Exiv2::ExifData&) [clone .constprop.48]':
ufraw_exiv2.cc:(.text+0xc1): undefined reference to `Exiv2::Metadatum::print[abi:cxx11](Exiv2::ExifData const*) const'
libufraw.a(ufraw_exiv2.o): In function `ufraw_exif_read_input':
ufraw_exiv2.cc:(.text+0x493): undefined reference to `Exiv2::ExifKey::ExifKey(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)'

Comment 6 Bob Paddock 2016-12-24 17:09:27 UTC

(In reply to Bob Paddock from comment #5)
> There seems to be a missing dependency, can same one tell me what I need to
> install, please?


I emerged gexiv2 and exiv2 again (they were already installed) and ufraw builds and installs now.

 
> ... undefined reference to `Exiv2::Metadatum::print ...
> 
> 
> x86_64-pc-linux-gnu-g++  -mtune=generic -O2 -pipe -fopenmp  -Wl,-O1
> -Wl,--sort-common -Wl,--as-needed -o ufraw-batch  ufraw-batch.o libufraw.a 
> -L/usr/lib -lexiv2   -lgthread-2.0 -pthread -lglib-2.0   -llcms2   -llensfun
> -ltiff   -lpng16     -ljpeg -lbz2 -lz -lm  
> 
> x86_64-pc-linux-gnu-g++  -mtune=generic -O2 -pipe -fopenmp  -Wl,-O1
> -Wl,--sort-common -Wl,--as-needed -o ufraw ufraw-ufraw.o libufraw.a 
> -L/usr/lib -lexiv2   -lgthread-2.0 -pthread -lglib-2.0   -llcms2   -llensfun
> -ltiff   -lpng16     -lgtkimageview -lgtk-x11-2.0 -lgdk-x11-2.0
> -lpangocairo-1.0 -latk-1.0 -lcairo -lgdk_pixbuf-2.0 -lgio-2.0 -lpangoft2-1.0
> -lpango-1.0 -lgobject-2.0 -lglib-2.0 -lfontconfig -lfreetype   -ljpeg -lbz2
> -lz -lm  
> 
> libufraw.a(ufraw_exiv2.o): In function `uf_strlcpy_to_utf8(char*, unsigned
> long, std::_List_const_iterator<Exiv2::Exifdatum>, Exiv2::ExifData&) [clone
> .constprop.48]':
> ufraw_exiv2.cc:(.text+0xc1): undefined reference to
> `Exiv2::Metadatum::print[abi:cxx11](Exiv2::ExifData const*) const'
> libufraw.a(ufraw_exiv2.o): In function `ufraw_exif_read_input':
> ufraw_exiv2.cc:(.text+0x493): undefined reference to
> `Exiv2::ExifKey::ExifKey(std::__cxx11::basic_string<char,
> std::char_traits<char>, std::allocator<char> > const&)'

Comment 7 Agostino Sarubbo gentoo-dev

2016-12-28 08:50:19 UTC

Dear Maintainer (or who is mainly involved in this stable request),

This is an auto-generated message that will move the current component to the new component Stabilization.
To ensure that the stabilization will proceed correctly, please fill the fields "Atoms to stabilize" and "Runtime testing required" as described here:
https://archives.gentoo.org/gentoo-dev/message/4b2ef0e9aa7588224b8ae799c5fe31fa

Comment 8 Agostino Sarubbo gentoo-dev

2017-01-04 15:33:51 UTC

x86 stable

Comment 9 Agostino Sarubbo gentoo-dev

2017-01-11 10:45:11 UTC

sparc stable

Comment 10 Agostino Sarubbo gentoo-dev

2017-01-15 15:56:29 UTC

ppc stable

Comment 11 Agostino Sarubbo gentoo-dev

2017-01-17 14:33:18 UTC

ia64 stable

Comment 12 Agostino Sarubbo gentoo-dev

2017-01-20 11:07:09 UTC

ppc64 stable

Comment 13 Jeroen Roovers (RETIRED) gentoo-dev

2017-01-31 14:43:51 UTC

Stable for HPPA. Closing. (Oh, great, another hidden security bug.)

Comment 14 Aaron Bauman (RETIRED) gentoo-dev

2017-02-01 01:44:01 UTC

(In reply to Jeroen Roovers from comment #13)
> Stable for HPPA. Closing. (Oh, great, another hidden security bug.)

We are trying to get people to understand this is not the proper practice.  It should be called for within the stable bug.  Hopefully it stops soon.

Comment 15 Aaron Bauman (RETIRED) gentoo-dev

2017-02-01 01:52:02 UTC

(In reply to Aaron Bauman from comment #14)
> (In reply to Jeroen Roovers from comment #13)
> > Stable for HPPA. Closing. (Oh, great, another hidden security bug.)
> 
> We are trying to get people to understand this is not the proper practice. 
> It should be called for within the stable bug.  Hopefully it stops soon.

s/stable/security