make gnome2 fails because evince has vulnerability

malcolm_green at tiscali.co.uk malcolm_green at tiscali.co.uk
Sun Sep 9 01:42:47 PDT 2007 


----Original Message----
From: malcolm_green at tiscali.co.uk
Date: 09/09/2007 9:29 
To: <gnome at freebs.org>
Subj: make gnome2 fails because evince has vulnerability

Dear freebsd-gnome team
    May I enquire of you about a problem when doing   make install   
in   /usr/ports/x11/gnome2   under PCBSD 1.4RC . It fails saying   
evince    has a vulnerability. I have followed the advice output by 
the 
make and used   kports   to    update the ports  ,  fetch a new index 
, 
and  update the ports-db . Upon re-issuing   make install   I get the 
same error.  Now I am unsure what to do.  Surely the   make install   
script should not refuse to continue building but merely issue a 
warning. There must be a way to prevent this blowup, but the whole   
ports   system is like a   empty cube in space   to a relatively new 
BSD person.

I can see that one way to avoid it would be to get a new   evince   , 
but   kports   says my copy is the latest.
The ports I am using is supplied on the PCBSD CD so I dont know when 
it dates from, and in any case I have updated the   ports tree   
with   
kports .
 
Perhaps there is a good document I should read.

This is my screen output at the second attempt.

madrid# pwd
/usr/ports/x11/gnome2
madrid# make install
===>  Installing for gnome2-2.18.3
===>   gnome2-2.18.3 depends on file: /usr/local/libexec/gweather-
applet-2 - found
===>   gnome2-2.18.3 depends on executable: gnome-cd - found
===>   gnome2-2.18.3 depends on executable: gnome-dictionary - found
===>   gnome2-2.18.3 depends on executable: eog - found
===>   gnome2-2.18.3 depends on executable: gconf-editor - found
===>   gnome2-2.18.3 depends on executable: gnect - found
===>   gnome2-2.18.3 depends on executable: gedit - found
===>   gnome2-2.18.3 depends on executable: gnome-terminal - found
===>   gnome2-2.18.3 depends on executable: gnome-session - found
===>   gnome2-2.18.3 depends on executable: bug-buddy - found
===>   gnome2-2.18.3 depends on executable: gnome-system-monitor - 
found
===>   gnome2-2.18.3 depends on executable: nautilus - found
===>   gnome2-2.18.3 depends on file: /usr/local/sbin/gdm - found
===>   gnome2-2.18.3 depends on file: 
/usr/local/share/gnome/help/user-
guide/C/user-guide.xml - found
===>   gnome2-2.18.3 depends on file: 
/usr/local/share/gnome/sounds/question.wav - found
===>   gnome2-2.18.3 depends on file: 
/usr/local/libdata/pkgconfig/libgail-gnome.pc - found
===>   gnome2-2.18.3 depends on executable: file-roller - found
===>   gnome2-2.18.3 depends on file: 
/usr/local/share/themes/HighContrast/gtk-2.0/gtkrc - found
===>   gnome2-2.18.3 depends on executable: gok - found
===>   gnome2-2.18.3 depends on executable: nautilus-cd-burner - found
===>   gnome2-2.18.3 depends on executable: gcalctool - found
===>   gnome2-2.18.3 depends on executable: gucharmap - found
===>   gnome2-2.18.3 depends on executable: zenity - found
===>   gnome2-2.18.3 depends on file: 
/usr/local/lib/X11/fonts/bitstream-vera/Vera.ttf - found
===>   gnome2-2.18.3 depends on file: /usr/local/libexec/gnome-
netstatus-applet - found
===>   gnome2-2.18.3 depends on executable: dasher - found
===>   gnome2-2.18.3 depends on executable: evolution-2.10 - found
===>   gnome2-2.18.3 depends on file: /usr/local/libexec/evolution-
webcal - found
===>   gnome2-2.18.3 depends on executable: network-admin - found
===>   gnome2-2.18.3 depends on executable: gnome-nettool - found
===>   gnome2-2.18.3 depends on executable: vino-session - found
===>   gnome2-2.18.3 depends on executable: exchange-connector-setup-
2.10 - found
===>   gnome2-2.18.3 depends on file: /usr/local/lib/gstreamer-0.10/.
gstreamer-plugins-core.keep - found
===>   gnome2-2.18.3 depends on file: /usr/local/lib/gstreamer-0.10
/libgstgconfelements.so - found
===>   gnome2-2.18.3 depends on executable: totem - found
===>   gnome2-2.18.3 depends on executable: gnome-control-center - 
found
===>   gnome2-2.18.3 depends on file: /usr/local/share/gnome/gnome-
background-properties/gnome-branded.xml - found
===>   gnome2-2.18.3 depends on executable: sound-juicer - found
===>   gnome2-2.18.3 depends on executable: gnome-keyring-manager - 
found
===>   gnome2-2.18.3 depends on file: 
/usr/local/libdata/pkgconfig/libgtkhtml-2.0.pc - found
===>   gnome2-2.18.3 depends on executable: evince - not found
===>    Verifying install for evince in /usr/ports/graphics/evince
===>  evince-0.8.3_1 has known vulnerabilities:
=> xpdf -- stack based buffer overflow.
   Reference: <http://www.FreeBSD.org/ports/portaudit/0e43a14d-3f3f-
11dc-a79a-0016179b2dd5.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/graphics/evince.
*** Error code 1

Stop in /usr/ports/x11/gnome2.
madrid#  



I apologise if this is not enough evidence.   Thank you

                         malcolm_green at tiscali.co.uk



                     



__________________________________________________
Tiscali Broadband only £7.99 a month for your first 3 months! http:
//www.tiscali.co.uk/products/broadband/





__________________________________________________
Tiscali Broadband only £7.99 a month for your first 3 months! http://www.tiscali.co.uk/products/broadband/

More information about the freebsd-gnome mailing list