Date: Tue, 30 Jun 2009 18:35:04 -0400 From: Gary Palmer <gpalmer@freebsd.org> To: Roland Smith <rsmith@xs4all.nl> Cc: Harald Weis <hawei@free.fr>, freebsd-stable@freebsd.org Subject: Re: Vulnerability question Message-ID: <20090630223504.GA77577@in-addr.com> In-Reply-To: <20090630173237.GB39520@slackbox.xs4all.nl> References: <20090628205654.GA6237@pollux.local.net> <20090629184052.GB3248@slackbox.xs4all.nl> <20090630150832.GA2650@pollux.local.net> <20090630173237.GB39520@slackbox.xs4all.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jun 30, 2009 at 07:32:37PM +0200, Roland Smith wrote: > On Tue, Jun 30, 2009 at 05:08:32PM +0200, Harald Weis wrote: > > On Mon, Jun 29, 2009 at 08:40:52PM +0200, Roland Smith wrote: > > > On Sun, Jun 28, 2009 at 10:56:54PM +0200, Harald Weis wrote: > > > > Building lxdvdrip stops because linux-pango has known > > > > vulnerabilities. > > > > > > You can ignore vulnerabilities by setting the environment variable > > > DISABLE_VULNERABILITIES. See ports(7). > > > > Yes, I've done this already, but I've stepped back because I cannot > > evaluate the risk. > > > > > Are you running a linux binary of mplayer? Because a native mplayer > > > binary does not require linux-pango! It just uses the native pango. > > > > In fact, it's lxdvdrip which requires linux-pango [via linux-gtk2]. > > lxdvdrip is happy with the native mplayer. > > Looking at the port Makefile [/usr/ports/multimedia/lxdvdrip/Makefile] > and Freshports entries [http://www.freshports.org/multimedia/lxdvdrip/] > for lxdvdrip, there is no sign of it directly requiring pango, let alone > the Linux version. It is mplayer that depends on pango: > > # cd /usr/ports/multimedia/lxdvdrip > # make run-depends-list > /usr/ports/misc/buffer > /usr/ports/multimedia/dvdauthor > /usr/ports/multimedia/libdvdnav > /usr/ports/multimedia/libdvdread > /usr/ports/multimedia/mpgtx > /usr/ports/multimedia/mplayer > /usr/ports/multimedia/transcode > /usr/ports/sysutils/dvd+rw-tools > > # cd /usr/ports/multimedia/mplayer > # make run-depends-list > /usr/ports/accessibility/atk > /usr/ports/audio/cdparanoia > /usr/ports/audio/esound > /usr/ports/audio/libvorbis > /usr/ports/converters/libiconv > /usr/ports/devel/gio-fam-backend > /usr/ports/devel/glib20 > /usr/ports/devel/pkg-config > /usr/ports/devel/sdl12 > /usr/ports/graphics/aalib > /usr/ports/graphics/png > /usr/ports/multimedia/libtheora > /usr/ports/multimedia/mplayer-skins > /usr/ports/multimedia/x264 > /usr/ports/print/freetype2 > /usr/ports/x11-toolkits/gtk20 > /usr/ports/x11-toolkits/pango > /usr/ports/x11/libX11 > /usr/ports/x11/libXv > /usr/ports/x11/libXxf86vm > > No linux-pango! I suspect that there is something wrong with your > ports. Do you have the native version of pango installed? > I am not the OP, however I also ran into warnings about mplayer and linux-pango. I believe the problem comes from linux-realplayer # cd /usr/ports/multimedia/mplayer # make run-depends-list /usr/ports/accessibility/atk /usr/ports/audio/arts /usr/ports/audio/libvorbis /usr/ports/converters/libiconv /usr/ports/devel/gio-fam-backend /usr/ports/devel/glib20 /usr/ports/devel/pkg-config /usr/ports/graphics/libGL /usr/ports/graphics/libungif /usr/ports/graphics/png /usr/ports/multimedia/libdv /usr/ports/multimedia/linux-realplayer /usr/ports/multimedia/mplayer-skins /usr/ports/multimedia/win32-codecs /usr/ports/multimedia/x264 /usr/ports/multimedia/xvid /usr/ports/print/freetype2 /usr/ports/x11-toolkits/gtk20 /usr/ports/x11-toolkits/pango /usr/ports/x11/libX11 /usr/ports/x11/libXinerama /usr/ports/x11/libXv /usr/ports/x11/libXxf86dga /usr/ports/x11/libXxf86vm # grep REAL /var/db/ports/mplayer/options WITH_REALPLAYER=true I don't have lxdvdrip installed so I don't think thats involved, at least in my case. There may be more than one path to the linux-pango dependency however :-( Regards, Gary
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090630223504.GA77577>