Subject: Re: pkgsrc NetBSD 2.0/i386 bulk build results 2005-03-19 (fwd)
To: Hubert Feyrer <hubert@feyrer.de>
From: Thomas Klausner <wiz@NetBSD.org>
List: pkgsrc-bulk
Date: 03/21/2005 13:58:58
On Sat, Mar 19, 2005 at 06:37:36PM +0100, Hubert Feyrer wrote:
> pkgsrc bulk build results
> NetBSD 2.0/i386

Please update your vulnerabilities file, and provide /usr/src and
/usr/xsrc.

Diff to Krister's latest bulk build:
7,8c24,25
<          Build started:                  Fri Mar 18 20:34:19 2005 UTC
<          Build ended:                    Sat Mar 19 20:13:49 2005 UTC
---
>          Build started:                  Fri Mar 18 12:37:45 2005 UTC
>          Build ended:                    Sat Mar 19 17:26:05 2005 UTC
10,15c27,32
<          Successfully packaged:          5170
<          Packages really broken:         72
<          Pkgs broken due to them:        76
<          Total broken:                   148
<          Not packaged:                   103
<          Total:                          251
---
>          Successfully packaged:          5018
>          Packages really broken:         108
>          Pkgs broken due to them:        191
>          Total broken:                   299
>          Not packaged:                   104
>          Total:                          403
20c37
< ftp://ftp.NetBSD.org/pub/NetBSD/misc/kristerw/pkgstat/i386-2.0/20050319.2013/broken.html
---
> http://smaug.fh-regensburg.de/~feyrer/ftp/pub/NetBSD/pkgstat-i386/20050319.1726/broken.html
26a44,46
> audio/mpg123               13      tech-pkg@NetBSD.org

 ===> Checking for vulnerabilities in mpg123-0.59.18nb7
 *** WARNING - remote-code-execution vulnerability in mpg123-0.59.18nb7 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-20

> audio/mpg123-esound                tech-pkg@NetBSD.org
> audio/mpg123-nas                   tech-pkg@NetBSD.org

Same.

29a50,53
> cad/simian                         dmcmahill@NetBSD.org

 main.cc: In function `int main(int, char**)':
 main.cc:45: error: `cerr' undeclared (first use this function)
 main.cc:45: error: (Each undeclared identifier is reported only once for each
    function it appears in.)

> chat/jabberd                       tech-pkg@NetBSD.org

 *** WARNING - denial-of-service vulnerability in jabberd-1.4.2nb3 - see http://www.derkeiler.com/Mailing-Lists/securityfocus/bugt

> chat/jabberd2              1       xtraeme@NetBSD.org

 => Couldn't fetch jabberd-2.0s6.tar.gz - please try to retrieve this
 => file manually into /usr/cvs.local/pkgsrc/distfiles/ and try again.

> comms/hylafax              1       hallmanns@surfeu.de

 tar: WARNING! These file names were not selected:
 sbin/hylafax

Wasn't this a problem with some directory in /etc existing
that shouldn't exist?

34a59
> databases/mysql3-server            tech-pkg@NetBSD.org

 *** WARNING - privilege-escalation vulnerability in mysql-server-3.23.58nb3 - see http://www.cve.mitre.org/cgi-bin/cvename.cgi?na

36c61
< devel/hdf5                 2       tech-pkg@NetBSD.org
---
> devel/kdevelop-base        2       markd@NetBSD.org

 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/adahello.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/bashhello.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/chello.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/chellogba.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/clanlib.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/cppcurseshello.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/cpphello.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/cppsdlhello.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/dcopservice.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/fortranhello.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/fpcgtk.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/fpchello.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/fpcsharedlib.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/gnomeapp.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/gtk2mmapp.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/haskellhello.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/javahello.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kapp.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kappjava.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kateplugin.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kateplugin2.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kbearimportfilter.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kbearplugin.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kcmodule.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kdedcop.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kdevlang.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kdevpart.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kdevpart2.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kfileplugin.tar.gz'
 pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/khello.tar.gz'
 ...

40a66
> editors/vim-kde                    greyskyy@po.cwru.edu

 *** WARNING - local-code-execution vulnerability in vim-kde-6.2.14nb2 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-200

41a68,69
> emulators/compat14         10      tech-pkg@NetBSD.org

 *** WARNING - remote-root-shell vulnerability in compat14-1.4.3.1nb1 - see http://www.kb.cert.org/vuls/id/738331 for more informa
 or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential

> emulators/compat14-crypto          tech-pkg@NetBSD.org

 *** WARNING - remote-root-shell vulnerability in compat14-crypto-1.4.3.1nb1 - see http://www.kb.cert.org/vuls/id/738331 for more
 or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential

46a75
> emulators/suse_libpng      2       jdolecek@NetBSD.org

 *** WARNING - remote-code-execution vulnerability in suse_libpng-7.3nb1 - see http://scary.beasts.org/security/CESA-2004-001.txt
 or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential

52a82
> graphics/dcraw             1       tech-pkg@NetBSD.org

 => Checksum SHA1 mismatch for dcraw-1.234/dcraw.c.
 => Checksum RMD160 mismatch for dcraw-1.234/dcraw.c.
 => Checksum SHA1 OK for dcraw-1.234/dcraw.1.
 => Checksum RMD160 OK for dcraw-1.234/dcraw.1.

58a89
> graphics/xv                2       tech-pkg@NetBSD.org

 *** WARNING - privilege-escalation vulnerability in xv-3.10anb9 - see http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtra
 or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential

65a97
> lang/perl5                 70      tech-pkg@NetBSD.org

 *** WARNING - local-file-write vulnerability in perl-5.6.1nb10 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0452
 or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential

68a101,102
> mail/cyrus-imapd21                 chris@NetBSD.org

 *** WARNING - remote-code-execution vulnerability in cyrus-imapd-2.1.15nb5 - see http://security.e-matters.de/advisories/152004.t
 *** WARNING - remote-code-execution vulnerability in cyrus-imapd-2.1.15nb5 - see http://security.e-matters.de/advisories/152004.t
 or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential

> mail/exim3                         grant@NetBSD.org

 *** WARNING - remote-code-execution vulnerability in exim-3.36nb4 - see http://www.exim.org/mail-archives/exim-announce/2005/msg0
 or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential

71a106
> math/yacas                         tech-pkg@NetBSD.org

 => Checksum SHA1 mismatch for yacas-1.0.57.tar.gz.
 => Checksum RMD160 mismatch for yacas-1.0.57.tar.gz.

72a108
> misc/JMdict                        wiz@NetBSD.org

 => Checksum SHA1 mismatch for JMdict-2004.03/jmdict_proj_desc.html.
 => Checksum RMD160 mismatch for JMdict-2004.03/jmdict_proj_desc.html.

75a112,113
> net/arla                           wennmach@NetBSD.org

 ===> arla-0.38 requires kernel sources available under $BSDSRCDIR/sys (or //usr/src/sys)

> net/bind4                          tech-pkg@NetBSD.org

 *** WARNING - denial-of-service vulnerability in bind-4.9.11 - see http://www.isc.org/products/BIND/bind-security.html for more i
 *** WARNING - remote-root-shell vulnerability in bind-4.9.11 - see http://www.cert.org/advisories/CA-2001-02.html for more inform
 *** WARNING - remote-root-shell vulnerability in bind-4.9.11 - see http://www.pine.nl/advisories/pine-cert-20020601.html for more
 *** WARNING - remote-root-shell vulnerability in bind-4.9.11 - see http://www.isc.org/products/BIND/bind-security.html for more i
 *** WARNING - cache-poisoning vulnerability in bind-4.9.11 - see http://www.kb.cert.org/vuls/id/734644 for more information ***
 or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential

77a116,117
> net/ethereal                       frueauf@NetBSD.org

 *** WARNING - remote-code-execution vulnerability in ethereal-0.10.10 - see http://www.ethereal.com/appnotes/enpa-sa-00016.html f
 or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
 *** Error code 1

> net/mldonkey-gui                   wiz@NetBSD.org

 src/daemon/common/commonHasher_c.o(.text+0x3ac): In function `hasher_thread':
 : undefined reference to `pthread_sigmask'
 src/daemon/common/commonHasher_c.o(.text+0x3c7): In function `hasher_thread':
 : undefined reference to `pthread_mutex_lock'
 src/daemon/common/commonHasher_c.o(.text+0x405): In function `hasher_thread':
 : undefined reference to `pthread_cond_timedwait'
 src/daemon/common/commonHasher_c.o(.text+0x565): In function `ml_job_start':
 : undefined reference to `pthread_attr_init'
 src/daemon/common/commonHasher_c.o(.text+0x56f): In function `ml_job_start':
 : undefined reference to `pthread_attr_setdetachstate'
 src/daemon/common/commonHasher_c.o(.text+0x57d): In function `ml_job_start':
 : undefined reference to `pthread_cond_init'
 src/daemon/common/commonHasher_c.o(.text+0x58b): In function `ml_job_start':
 : undefined reference to `pthread_mutex_init'
 src/daemon/common/commonHasher_c.o(.text+0x5aa): In function `ml_job_start':
 : undefined reference to `pthread_create'
 src/daemon/common/commonHasher_c.o(.text+0x5c3): In function `ml_job_start':
 : undefined reference to `pthread_mutex_lock'
 src/daemon/common/commonHasher_c.o(.text+0x5d9): In function `ml_job_start':
 : undefined reference to `pthread_cond_signal'
 src/daemon/common/commonHasher_c.o(.text+0x5e5): In function `ml_job_start':
 : undefined reference to `pthread_mutex_unlock'

78a119,120
> net/py-METAR               1       tech-pkg@NetBSD.org

running build_py error: build_py: supplying both
'packages' and 'py_modules' options is not allowed

> net/samba2                 2       tech-pkg@NetBSD.org

 *** WARNING - remote-code-execution vulnerability in samba-2.2.12nb1 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004
 or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential

84a127,128
> security/cyrus-sasl        1       jlam@NetBSD.org

 *** WARNING - privilege-escalation vulnerability in cyrus-sasl-1.5.27nb8 - see http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
 or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential

> security/fprot-workstation         ben@NetBSD.org

Fixed.

88d131
< shells/standalone-tcsh             agc@NetBSD.org
89a133
> sysutils/fdgw                      fukachan@fml.org

 ===> fdgw-20020130 requires the NetBSD source tree in BSDSRCDIR (/usr/src)
 ===> fdgw-20020130 is not available for NetBSD-2.0-i386

92a137,140
> textproc/namazu1                   tech-pkg-ja@jp.NetBSD.org

 *** WARNING - cross-site-scripting vulnerability in namazu-1.3.0.11nb1 - see http://www.namazu.org/security.html.en for more info
 or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential

> time/pcal                          kei@NetBSD.org

 *** WARNING - remote-code-execution vulnerability in pcal-4.7 - see http://tigger.uic.edu/~jlongs2/holes/pcal.txt for more inform
 *** WARNING - buffer-overrun vulnerability in pcal-4.7 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1289 for more
 or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
 *** Error code 1


> www/asp2php                        shell@NetBSD.org

 *** WARNING - remote-code-execution vulnerability in asp2php-0.76.17 - see http://tigger.uic.edu/~jlongs2/holes/asp2php.txt for m
 or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential


> www/awstats                        minskim@NetBSD.org

 => Checksum SHA1 mismatch for awstats-6.3nb4/awstats-6.3.tgz.
 => Checksum RMD160 mismatch for awstats-6.3nb4/awstats-6.3.tgz.

96c144
< www/screws                         pancake@phreaker.net
---
> www/navigator3                     root@garbled.net

 *** WARNING - remote-root-shell vulnerability in navigator3-3.04 - see ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-
 or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential

97a146,149
> www/zope                   2       tsarna@NetBSD.org

 *** WARNING - weak-authentication vulnerability in zope-2.2.2nb1 - see http://www.zope.org/Products/Zope/ for more information **
 *** WARNING - privilege-escalation vulnerability in zope-2.2.2nb1 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-06
 or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential


> www/zope25-ZWeatherApplet          tech-pkg@NetBSD.org

 BULK> Build for py21-pymetar-0.12 was not successful, aborting.

> x11/fltk                   12      jlam@NetBSD.org

Fixed.

> x11/lesstif                        tech-pkg@NetBSD.org

 *** WARNING - denial-of-service vulnerability in lesstif-0.94.0nb1 - see http://www.securityspace.com/smysecure/catid.html?viewsr
 or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential


98a151
> x11/xservers                       tron@NetBSD.org

 Cannot find NetBSD 2.0 (or older) X11 sources in /usr/xsrc.

101c154
< /Krister
---
> - Hubert

 Thomas