Date: Mon, 10 Sep 2007 20:52:31 +0100 From: John Murphy <freebsd001@freeode.co.uk> To: Gnome list <freebsd-gnome@freebsd.org> Cc: malcolm_green@tiscali.co.uk Subject: Re: make gnome2 fails because evince has vulnerability Message-ID: <20070910205231.167f48f7@turion.freeode.co.uk>
next in thread | raw e-mail | index | archive | help
malcolm_green@tiscali.co.uk wrote: > Dear freebsd-gnome team > May I enquire of you about a problem when doing make install > in /usr/ports/x11/gnome2 under PCBSD 1.4RC. It fails saying > evince has a vulnerability. I have followed the advice output by > the make and used kports to update the ports, fetch a new index, > and update the ports-db. Upon re-issuing make install I get the > same error. Now I am unsure what to do. Surely the make install > script should not refuse to continue building but merely issue a > warning. There must be a way to prevent this blowup, but the whole > ports system is like a empty cube in space to a relatively new > BSD person. > > I can see that one way to avoid it would be to get a new evince, > but kports says my copy is the latest. > The ports I am using is supplied on the PCBSD CD so I dont know when > it dates from, and in any case I have updated the ports tree with > kports. > Perhaps there is a good document I should read. <- Snipped screen output (mine is the same as yours. See below.) -> Hi Malcolm, No solution, but just wanted to say I have the same problem on FreeBSD-6.2. I've run csup and portupgrade -arR. I've run the gnomelogalyzer.sh from within /usr/ports/x11/gnome2 and checked all of its suggestions. (The recommended mailing list archive search showed no results for evince or [k|x]pdf in 2007! I get the impression Rambler isn't updated much these days...). The only thing I haven't tried (and I'm loath to do so as I doubt it will help) is 'pkg_delete -rf pkg-config\*'. The reference URL: http://www.FreeBSD.org/ports/portaudit/0e43a14d-3f3f-11dc-a79a-0016179b2dd5.html mentions xpdf and kpdf. Do you have either of those installed? I have kpdf and I'm wondering if the problem is because of that. Any suggestions from the port maintainers (or clues from anyone) would be much appreciated. [root@turion gnome2]# make install ===> Installing for gnome2-2.18.3 ===> gnome2-2.18.3 depends on file: /usr/local/libexec/gweather-applet-2 - found ===> gnome2-2.18.3 depends on executable: gnome-cd - found ===> gnome2-2.18.3 depends on executable: gnome-dictionary - found ===> gnome2-2.18.3 depends on executable: eog - found ===> gnome2-2.18.3 depends on executable: gconf-editor - found ===> gnome2-2.18.3 depends on executable: gnect - found ===> gnome2-2.18.3 depends on executable: gedit - found ===> gnome2-2.18.3 depends on executable: gnome-terminal - found ===> gnome2-2.18.3 depends on executable: gnome-session - found ===> gnome2-2.18.3 depends on executable: bug-buddy - found ===> gnome2-2.18.3 depends on executable: gnome-system-monitor - found ===> gnome2-2.18.3 depends on executable: nautilus - found ===> gnome2-2.18.3 depends on file: /usr/local/sbin/gdm - found ===> gnome2-2.18.3 depends on file: /usr/local/share/gnome/help/user-guide/C/user-guide.xml - found ===> gnome2-2.18.3 depends on file: /usr/local/share/gnome/sounds/question.wav - found ===> gnome2-2.18.3 depends on file: /usr/local/libdata/pkgconfig/libgail-gnome.pc - found ===> gnome2-2.18.3 depends on executable: file-roller - found ===> gnome2-2.18.3 depends on file: /usr/local/share/themes/HighContrast/gtk-2.0/gtkrc - found ===> gnome2-2.18.3 depends on executable: gok - found ===> gnome2-2.18.3 depends on executable: nautilus-cd-burner - found ===> gnome2-2.18.3 depends on executable: gcalctool - found ===> gnome2-2.18.3 depends on executable: gucharmap - found ===> gnome2-2.18.3 depends on executable: zenity - found ===> gnome2-2.18.3 depends on file: /usr/local/lib/X11/fonts/bitstream-vera/Vera.ttf - found ===> gnome2-2.18.3 depends on file: /usr/local/libexec/gnome-netstatus-applet - found ===> gnome2-2.18.3 depends on executable: dasher - found ===> gnome2-2.18.3 depends on executable: evolution-2.10 - found ===> gnome2-2.18.3 depends on file: /usr/local/libexec/evolution-webcal - found ===> gnome2-2.18.3 depends on executable: network-admin - found ===> gnome2-2.18.3 depends on executable: gnome-nettool - found ===> gnome2-2.18.3 depends on executable: vino-session - found ===> gnome2-2.18.3 depends on executable: exchange-connector-setup-2.10 - found ===> gnome2-2.18.3 depends on file: /usr/local/lib/gstreamer-0.10/.gstreamer-plugins-core.keep - found ===> gnome2-2.18.3 depends on file: /usr/local/lib/gstreamer-0.10/libgstgconfelements.so - found ===> gnome2-2.18.3 depends on executable: totem - found ===> gnome2-2.18.3 depends on executable: gnome-control-center - found ===> gnome2-2.18.3 depends on file: /usr/local/share/gnome/gnome-background-properties/gnome-branded.xml - found ===> gnome2-2.18.3 depends on executable: sound-juicer - found ===> gnome2-2.18.3 depends on executable: gnome-keyring-manager - found ===> gnome2-2.18.3 depends on file: /usr/local/libdata/pkgconfig/libgtkhtml-2.0.pc - found ===> gnome2-2.18.3 depends on executable: evince - not found ===> Verifying install for evince in /usr/ports/graphics/evince ===> evince-0.8.3_1 has known vulnerabilities: => xpdf -- stack based buffer overflow. Reference: <http://www.FreeBSD.org/ports/portaudit/0e43a14d-3f3f-11dc-a79a-0016179b2dd5.html>; => Please update your ports tree and try again. *** Error code 1 Stop in /usr/ports/graphics/evince. *** Error code 1 Stop in /usr/ports/x11/gnome2. *** Error code 1 Stop in /usr/ports/x11/gnome2. -- Thanks, John.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070910205231.167f48f7>