make gnome2 fails because evince has vulnerability

John Murphy freebsd001 at freeode.co.uk
Mon Sep 10 13:30:26 PDT 2007 

malcolm_green at tiscali.co.uk wrote:

> Dear freebsd-gnome team
>    May I enquire of you about a problem when doing make install
> in /usr/ports/x11/gnome2 under PCBSD 1.4RC. It fails saying
> evince has a vulnerability. I have followed the advice output by
> the make and used kports to update the ports, fetch a new index,
> and update the ports-db. Upon re-issuing make install I get the
> same error. Now I am unsure what to do. Surely the make install
> script should not refuse to continue building but merely issue a
> warning. There must be a way to prevent this blowup, but the whole
> ports system is like a empty cube in space to a relatively new
> BSD person.
> 
> I can see that one way to avoid it would be to get a new evince,
> but kports says my copy is the latest.
> The ports I am using is supplied on the PCBSD CD so I dont know when
> it dates from, and in any case I have updated the ports tree with
> kports.

> Perhaps there is a good document I should read.

<- Snipped screen output (mine is the same as yours. See below.) ->

Hi Malcolm,

No solution, but just wanted to say I have the same problem on
FreeBSD-6.2. I've run csup and portupgrade -arR. I've run the
gnomelogalyzer.sh from within /usr/ports/x11/gnome2 and checked
all of its suggestions. (The recommended mailing list archive
search showed no results for evince or [k|x]pdf in 2007! I get
the impression Rambler isn't updated much these days...).

The only thing I haven't tried (and I'm loath to do so as I
doubt it will help) is 'pkg_delete -rf pkg-config\*'.

The reference URL:

http://www.FreeBSD.org/ports/portaudit/0e43a14d-3f3f-11dc-a79a-0016179b2dd5.html

mentions xpdf and kpdf. Do you have either of those installed?
I have kpdf and I'm wondering if the problem is because of that.

Any suggestions from the port maintainers (or clues from anyone)
would be much appreciated.

[root at turion gnome2]# make install
===>  Installing for gnome2-2.18.3
===>   gnome2-2.18.3 depends on file: /usr/local/libexec/gweather-applet-2 - found
===>   gnome2-2.18.3 depends on executable: gnome-cd - found
===>   gnome2-2.18.3 depends on executable: gnome-dictionary - found
===>   gnome2-2.18.3 depends on executable: eog - found
===>   gnome2-2.18.3 depends on executable: gconf-editor - found
===>   gnome2-2.18.3 depends on executable: gnect - found
===>   gnome2-2.18.3 depends on executable: gedit - found
===>   gnome2-2.18.3 depends on executable: gnome-terminal - found
===>   gnome2-2.18.3 depends on executable: gnome-session - found
===>   gnome2-2.18.3 depends on executable: bug-buddy - found
===>   gnome2-2.18.3 depends on executable: gnome-system-monitor - found
===>   gnome2-2.18.3 depends on executable: nautilus - found
===>   gnome2-2.18.3 depends on file: /usr/local/sbin/gdm - found
===>   gnome2-2.18.3 depends on file: /usr/local/share/gnome/help/user-guide/C/user-guide.xml - found
===>   gnome2-2.18.3 depends on file: /usr/local/share/gnome/sounds/question.wav - found
===>   gnome2-2.18.3 depends on file: /usr/local/libdata/pkgconfig/libgail-gnome.pc - found
===>   gnome2-2.18.3 depends on executable: file-roller - found
===>   gnome2-2.18.3 depends on file: /usr/local/share/themes/HighContrast/gtk-2.0/gtkrc - found
===>   gnome2-2.18.3 depends on executable: gok - found
===>   gnome2-2.18.3 depends on executable: nautilus-cd-burner - found
===>   gnome2-2.18.3 depends on executable: gcalctool - found
===>   gnome2-2.18.3 depends on executable: gucharmap - found
===>   gnome2-2.18.3 depends on executable: zenity - found
===>   gnome2-2.18.3 depends on file: /usr/local/lib/X11/fonts/bitstream-vera/Vera.ttf - found
===>   gnome2-2.18.3 depends on file: /usr/local/libexec/gnome-netstatus-applet - found
===>   gnome2-2.18.3 depends on executable: dasher - found
===>   gnome2-2.18.3 depends on executable: evolution-2.10 - found
===>   gnome2-2.18.3 depends on file: /usr/local/libexec/evolution-webcal - found
===>   gnome2-2.18.3 depends on executable: network-admin - found
===>   gnome2-2.18.3 depends on executable: gnome-nettool - found
===>   gnome2-2.18.3 depends on executable: vino-session - found
===>   gnome2-2.18.3 depends on executable: exchange-connector-setup-2.10 - found
===>   gnome2-2.18.3 depends on file: /usr/local/lib/gstreamer-0.10/.gstreamer-plugins-core.keep - found
===>   gnome2-2.18.3 depends on file: /usr/local/lib/gstreamer-0.10/libgstgconfelements.so - found
===>   gnome2-2.18.3 depends on executable: totem - found
===>   gnome2-2.18.3 depends on executable: gnome-control-center - found
===>   gnome2-2.18.3 depends on file: /usr/local/share/gnome/gnome-background-properties/gnome-branded.xml - found
===>   gnome2-2.18.3 depends on executable: sound-juicer - found
===>   gnome2-2.18.3 depends on executable: gnome-keyring-manager - found
===>   gnome2-2.18.3 depends on file: /usr/local/libdata/pkgconfig/libgtkhtml-2.0.pc - found
===>   gnome2-2.18.3 depends on executable: evince - not found
===>    Verifying install for evince in /usr/ports/graphics/evince
===>  evince-0.8.3_1 has known vulnerabilities:
=> xpdf -- stack based buffer overflow.
   Reference: <http://www.FreeBSD.org/ports/portaudit/0e43a14d-3f3f-11dc-a79a-0016179b2dd5.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/graphics/evince.
*** Error code 1

Stop in /usr/ports/x11/gnome2.
*** Error code 1

Stop in /usr/ports/x11/gnome2.

-- 
Thanks, John.

More information about the freebsd-gnome mailing list