Subject: Re: kdemultimedia pkg and xine-lib security problems
To: Lubomir Sedlacik <salo@Xtrmntr.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: netbsd-users
Date: 02/27/2005 11:54:38
In message <20050227163552.GF26184@Xtrmntr.org>, Lubomir Sedlacik writes:
>
>--bxyj5TNvuouCjAp1
>Content-Type: text/plain; charset=us-ascii
>Content-Disposition: inline
>Content-Transfer-Encoding: quoted-printable
>
>On Sun, Feb 27, 2005 at 11:27:01AM -0500, Steven M. Bellovin wrote:
>> The problem is that kde also depends on audio/xine-arts, and I can't
>> get that to build; see pkg/29458
>
>is that on 2004Q4? the PR doesn't mention it, and provides no useful
>debug information either.
Sorry -- it was pkgsrc head. I confess I'm not accustomed to thinking
in terms of the quarterly release cycle for pkgsrc.
> the:
>
> =3D=3D=3D> Please investigate the following for more information:
> =3D=3D=3D> * config.log
> =3D=3D=3D> * /usr/pkgsrc/audio/xine-arts/work/.work.log
>
>lines aren't there for amusement of the readers. nothing personal, but
>sometimes i wonder what do we expect from our users when even our own
>developers can't file useful bug reports..
>
This line appears in the PR:
I did not see anything of interest in either of those two files
I did "investigate" those files and reported my results in the PR. I
could certainly be mistaken, of course, but it wasn't for lack of
trying or failure to follow the directions. Since the two files total
about 27K lines, and since I've found the problem quite reproducible on
four different machines, I didn't see the point of posting them.
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb