Subject: Re: pkgsrc NetBSD 2.0/i386 bulk build results 2005-03-19 (fwd)
To: Hubert Feyrer <hubert@feyrer.de>
From: Thomas Klausner <wiz@NetBSD.org>
List: pkgsrc-bulk
Date: 03/21/2005 13:58:58
On Sat, Mar 19, 2005 at 06:37:36PM +0100, Hubert Feyrer wrote:
> pkgsrc bulk build results
> NetBSD 2.0/i386
Please update your vulnerabilities file, and provide /usr/src and
/usr/xsrc.
Diff to Krister's latest bulk build:
7,8c24,25
< Build started: Fri Mar 18 20:34:19 2005 UTC
< Build ended: Sat Mar 19 20:13:49 2005 UTC
---
> Build started: Fri Mar 18 12:37:45 2005 UTC
> Build ended: Sat Mar 19 17:26:05 2005 UTC
10,15c27,32
< Successfully packaged: 5170
< Packages really broken: 72
< Pkgs broken due to them: 76
< Total broken: 148
< Not packaged: 103
< Total: 251
---
> Successfully packaged: 5018
> Packages really broken: 108
> Pkgs broken due to them: 191
> Total broken: 299
> Not packaged: 104
> Total: 403
20c37
< ftp://ftp.NetBSD.org/pub/NetBSD/misc/kristerw/pkgstat/i386-2.0/20050319.2013/broken.html
---
> http://smaug.fh-regensburg.de/~feyrer/ftp/pub/NetBSD/pkgstat-i386/20050319.1726/broken.html
26a44,46
> audio/mpg123 13 tech-pkg@NetBSD.org
===> Checking for vulnerabilities in mpg123-0.59.18nb7
*** WARNING - remote-code-execution vulnerability in mpg123-0.59.18nb7 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-20
> audio/mpg123-esound tech-pkg@NetBSD.org
> audio/mpg123-nas tech-pkg@NetBSD.org
Same.
29a50,53
> cad/simian dmcmahill@NetBSD.org
main.cc: In function `int main(int, char**)':
main.cc:45: error: `cerr' undeclared (first use this function)
main.cc:45: error: (Each undeclared identifier is reported only once for each
function it appears in.)
> chat/jabberd tech-pkg@NetBSD.org
*** WARNING - denial-of-service vulnerability in jabberd-1.4.2nb3 - see http://www.derkeiler.com/Mailing-Lists/securityfocus/bugt
> chat/jabberd2 1 xtraeme@NetBSD.org
=> Couldn't fetch jabberd-2.0s6.tar.gz - please try to retrieve this
=> file manually into /usr/cvs.local/pkgsrc/distfiles/ and try again.
> comms/hylafax 1 hallmanns@surfeu.de
tar: WARNING! These file names were not selected:
sbin/hylafax
Wasn't this a problem with some directory in /etc existing
that shouldn't exist?
34a59
> databases/mysql3-server tech-pkg@NetBSD.org
*** WARNING - privilege-escalation vulnerability in mysql-server-3.23.58nb3 - see http://www.cve.mitre.org/cgi-bin/cvename.cgi?na
36c61
< devel/hdf5 2 tech-pkg@NetBSD.org
---
> devel/kdevelop-base 2 markd@NetBSD.org
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/adahello.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/bashhello.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/chello.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/chellogba.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/clanlib.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/cppcurseshello.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/cpphello.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/cppsdlhello.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/dcopservice.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/fortranhello.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/fpcgtk.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/fpchello.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/fpcsharedlib.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/gnomeapp.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/gtk2mmapp.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/haskellhello.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/javahello.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kapp.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kappjava.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kateplugin.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kateplugin2.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kbearimportfilter.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kbearplugin.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kcmodule.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kdedcop.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kdevlang.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kdevpart.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kdevpart2.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/kfileplugin.tar.gz'
pkg_create: can't stat `/usr/pkg/share/kde/apps/kdevappwizard/khello.tar.gz'
...
40a66
> editors/vim-kde greyskyy@po.cwru.edu
*** WARNING - local-code-execution vulnerability in vim-kde-6.2.14nb2 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-200
41a68,69
> emulators/compat14 10 tech-pkg@NetBSD.org
*** WARNING - remote-root-shell vulnerability in compat14-1.4.3.1nb1 - see http://www.kb.cert.org/vuls/id/738331 for more informa
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
> emulators/compat14-crypto tech-pkg@NetBSD.org
*** WARNING - remote-root-shell vulnerability in compat14-crypto-1.4.3.1nb1 - see http://www.kb.cert.org/vuls/id/738331 for more
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
46a75
> emulators/suse_libpng 2 jdolecek@NetBSD.org
*** WARNING - remote-code-execution vulnerability in suse_libpng-7.3nb1 - see http://scary.beasts.org/security/CESA-2004-001.txt
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
52a82
> graphics/dcraw 1 tech-pkg@NetBSD.org
=> Checksum SHA1 mismatch for dcraw-1.234/dcraw.c.
=> Checksum RMD160 mismatch for dcraw-1.234/dcraw.c.
=> Checksum SHA1 OK for dcraw-1.234/dcraw.1.
=> Checksum RMD160 OK for dcraw-1.234/dcraw.1.
58a89
> graphics/xv 2 tech-pkg@NetBSD.org
*** WARNING - privilege-escalation vulnerability in xv-3.10anb9 - see http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtra
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
65a97
> lang/perl5 70 tech-pkg@NetBSD.org
*** WARNING - local-file-write vulnerability in perl-5.6.1nb10 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0452
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
68a101,102
> mail/cyrus-imapd21 chris@NetBSD.org
*** WARNING - remote-code-execution vulnerability in cyrus-imapd-2.1.15nb5 - see http://security.e-matters.de/advisories/152004.t
*** WARNING - remote-code-execution vulnerability in cyrus-imapd-2.1.15nb5 - see http://security.e-matters.de/advisories/152004.t
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
> mail/exim3 grant@NetBSD.org
*** WARNING - remote-code-execution vulnerability in exim-3.36nb4 - see http://www.exim.org/mail-archives/exim-announce/2005/msg0
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
71a106
> math/yacas tech-pkg@NetBSD.org
=> Checksum SHA1 mismatch for yacas-1.0.57.tar.gz.
=> Checksum RMD160 mismatch for yacas-1.0.57.tar.gz.
72a108
> misc/JMdict wiz@NetBSD.org
=> Checksum SHA1 mismatch for JMdict-2004.03/jmdict_proj_desc.html.
=> Checksum RMD160 mismatch for JMdict-2004.03/jmdict_proj_desc.html.
75a112,113
> net/arla wennmach@NetBSD.org
===> arla-0.38 requires kernel sources available under $BSDSRCDIR/sys (or //usr/src/sys)
> net/bind4 tech-pkg@NetBSD.org
*** WARNING - denial-of-service vulnerability in bind-4.9.11 - see http://www.isc.org/products/BIND/bind-security.html for more i
*** WARNING - remote-root-shell vulnerability in bind-4.9.11 - see http://www.cert.org/advisories/CA-2001-02.html for more inform
*** WARNING - remote-root-shell vulnerability in bind-4.9.11 - see http://www.pine.nl/advisories/pine-cert-20020601.html for more
*** WARNING - remote-root-shell vulnerability in bind-4.9.11 - see http://www.isc.org/products/BIND/bind-security.html for more i
*** WARNING - cache-poisoning vulnerability in bind-4.9.11 - see http://www.kb.cert.org/vuls/id/734644 for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
77a116,117
> net/ethereal frueauf@NetBSD.org
*** WARNING - remote-code-execution vulnerability in ethereal-0.10.10 - see http://www.ethereal.com/appnotes/enpa-sa-00016.html f
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
*** Error code 1
> net/mldonkey-gui wiz@NetBSD.org
src/daemon/common/commonHasher_c.o(.text+0x3ac): In function `hasher_thread':
: undefined reference to `pthread_sigmask'
src/daemon/common/commonHasher_c.o(.text+0x3c7): In function `hasher_thread':
: undefined reference to `pthread_mutex_lock'
src/daemon/common/commonHasher_c.o(.text+0x405): In function `hasher_thread':
: undefined reference to `pthread_cond_timedwait'
src/daemon/common/commonHasher_c.o(.text+0x565): In function `ml_job_start':
: undefined reference to `pthread_attr_init'
src/daemon/common/commonHasher_c.o(.text+0x56f): In function `ml_job_start':
: undefined reference to `pthread_attr_setdetachstate'
src/daemon/common/commonHasher_c.o(.text+0x57d): In function `ml_job_start':
: undefined reference to `pthread_cond_init'
src/daemon/common/commonHasher_c.o(.text+0x58b): In function `ml_job_start':
: undefined reference to `pthread_mutex_init'
src/daemon/common/commonHasher_c.o(.text+0x5aa): In function `ml_job_start':
: undefined reference to `pthread_create'
src/daemon/common/commonHasher_c.o(.text+0x5c3): In function `ml_job_start':
: undefined reference to `pthread_mutex_lock'
src/daemon/common/commonHasher_c.o(.text+0x5d9): In function `ml_job_start':
: undefined reference to `pthread_cond_signal'
src/daemon/common/commonHasher_c.o(.text+0x5e5): In function `ml_job_start':
: undefined reference to `pthread_mutex_unlock'
78a119,120
> net/py-METAR 1 tech-pkg@NetBSD.org
running build_py error: build_py: supplying both
'packages' and 'py_modules' options is not allowed
> net/samba2 2 tech-pkg@NetBSD.org
*** WARNING - remote-code-execution vulnerability in samba-2.2.12nb1 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
84a127,128
> security/cyrus-sasl 1 jlam@NetBSD.org
*** WARNING - privilege-escalation vulnerability in cyrus-sasl-1.5.27nb8 - see http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
> security/fprot-workstation ben@NetBSD.org
Fixed.
88d131
< shells/standalone-tcsh agc@NetBSD.org
89a133
> sysutils/fdgw fukachan@fml.org
===> fdgw-20020130 requires the NetBSD source tree in BSDSRCDIR (/usr/src)
===> fdgw-20020130 is not available for NetBSD-2.0-i386
92a137,140
> textproc/namazu1 tech-pkg-ja@jp.NetBSD.org
*** WARNING - cross-site-scripting vulnerability in namazu-1.3.0.11nb1 - see http://www.namazu.org/security.html.en for more info
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
> time/pcal kei@NetBSD.org
*** WARNING - remote-code-execution vulnerability in pcal-4.7 - see http://tigger.uic.edu/~jlongs2/holes/pcal.txt for more inform
*** WARNING - buffer-overrun vulnerability in pcal-4.7 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1289 for more
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
*** Error code 1
> www/asp2php shell@NetBSD.org
*** WARNING - remote-code-execution vulnerability in asp2php-0.76.17 - see http://tigger.uic.edu/~jlongs2/holes/asp2php.txt for m
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
> www/awstats minskim@NetBSD.org
=> Checksum SHA1 mismatch for awstats-6.3nb4/awstats-6.3.tgz.
=> Checksum RMD160 mismatch for awstats-6.3nb4/awstats-6.3.tgz.
96c144
< www/screws pancake@phreaker.net
---
> www/navigator3 root@garbled.net
*** WARNING - remote-root-shell vulnerability in navigator3-3.04 - see ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
97a146,149
> www/zope 2 tsarna@NetBSD.org
*** WARNING - weak-authentication vulnerability in zope-2.2.2nb1 - see http://www.zope.org/Products/Zope/ for more information **
*** WARNING - privilege-escalation vulnerability in zope-2.2.2nb1 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-06
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
> www/zope25-ZWeatherApplet tech-pkg@NetBSD.org
BULK> Build for py21-pymetar-0.12 was not successful, aborting.
> x11/fltk 12 jlam@NetBSD.org
Fixed.
> x11/lesstif tech-pkg@NetBSD.org
*** WARNING - denial-of-service vulnerability in lesstif-0.94.0nb1 - see http://www.securityspace.com/smysecure/catid.html?viewsr
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
98a151
> x11/xservers tron@NetBSD.org
Cannot find NetBSD 2.0 (or older) X11 sources in /usr/xsrc.
101c154
< /Krister
---
> - Hubert
Thomas