sci-physics/root[qt4] depends on dev-qt/qtwebkit:4 which is ancient and will never see any security updates. If there's no upstream port available, I'd suggest to remove the USE flag.
The latest root version needs only qtgui and qtcore, at least according to its cmake config. When that version will hit portage, issue will be solved. By the way for scientific packages functionality is traditionally much more important than security. For better or worse this is a matter of fact.
Do you have any estimate for that version bump?
Expected package.mask list for sci-physics/root: app-doc/root-docs dev-python/root_numpy dev-python/rootpy sci-libs/spr sci-physics/pythia sci-physics/rivet sci-physics/root sci-physics/yoda
Instead of going down that rabbit hole, a simple mask of sci-physics/root[geocad,qt4] was added.
Maybe that warrants another issue, but my installed ROOT 5.34 is not actually linking against QtWebKit: $ ldd /usr/lib/root/*.so | grep -i qt /usr/lib/root/libGQt.so: libQtCore.so.4 => /usr/lib64/qt4/libQtCore.so.4 (0x00007fe38ce1f000) libQtGui.so.4 => /usr/lib64/qt4/libQtGui.so.4 (0x00007fe38c117000) /usr/lib/root/libQtGSI.so: libQtCore.so.4 => /usr/lib64/qt4/libQtCore.so.4 (0x00007f9cb8ce7000) libQtGui.so.4 => /usr/lib64/qt4/libQtGui.so.4 (0x00007f9cb7fdf000) libQt3Support.so.4 => /usr/lib64/qt4/libQt3Support.so.4 (0x00007f9cb7ae8000) libQtSql.so.4 => /usr/lib64/qt4/libQtSql.so.4 (0x00007f9cb23c5000) libQtXml.so.4 => /usr/lib64/qt4/libQtXml.so.4 (0x00007f9cb217f000) libQtNetwork.so.4 => /usr/lib64/qt4/libQtNetwork.so.4 (0x00007f9cb1e32000) /usr/lib/root/libQtRoot.so: libGQt.so.5.34 => /usr/lib64/root/libGQt.so.5.34 (0x00007f29b4462000) libQtCore.so.4 => /usr/lib64/qt4/libQtCore.so.4 (0x00007f29b152a000) libQtGui.so.4 => /usr/lib64/qt4/libQtGui.so.4 (0x00007f29b0822000) Also, grepping through the code at: https://root.cern.ch/gitweb/?p=root.git;a=shortlog;h=refs/heads/v5-34-00-patches for WebKit reveals nothing. Checking the configure macro used for 5.34, I find: https://root.cern.ch/gitweb/?p=root.git;a=blob;f=configure;h=a980c285420f3b78f183b7f9b940920171be765e;hb=refs/heads/v5-34-00-patches#l3653 This only checks for QtCore, QtGui, Qt3Support So I'd say the dev-qt/qtwebkit:4 dependency is already bad for the in-tree root packages, and the better fix would be to remove that and unmask the flag again.
^ job for maintainer. I won't build this anymore because it still requires qt3support enabled, which I don't have available anymore.
ROOT 6.12 will be released in the next couple of weeks. I already have an ebuild ready for when that happens, so it should hit the main tree soon after the release. As for ROOT 5.34, there are many commits on the v5-34-00-patches branch that are not on 5.34/36, so I will ask the team to make an official 5.34/38 release roughly at the same time, since LZ4 support should be on a released version once 6.12 is released. ROOT 5.34/36 won't compile due to the issue below in any case, so we need to get a fixed version. https://sft.its.cern.ch/jira/browse/ROOT-8180 If necessary, we should drop keywords so that ROOT does not prevent cleanup of qtwebkit, then once the releases come out I will update the ebuilds with correct dependencies. ROOT does not plan to move to Qt5, but to a javascript based graphics interface, so when qt4 is removed from the main tree, the USE flag should be removed as well, or at least masked.
The mask of qt4 is in place already and does not block Qtwebkit removal anymore.
ROOT-6.12, now in the tree, no longer depends on qtwebkit. When the new release of 5.34 comes out early next year, I will bump to 5.34.38 and remove the dependency there too, so please leave this bug open in the mean time. I will fix this soon.
Since you wanted to keep this open, any update here?
(In reply to Andreas Sturmlechner from comment #10) > Since you wanted to keep this open, any update here? Yes, 5.34/38 tag was created yesterday [1], and I'm working on the version bump. Should be finished tomorrow or at the latest by the end of this week. I'm still deciding which USE flags to keep and which to remove, since they involve deprecated/broken options in sci-physics/root itself. I also want it to work within the network sandbox before bumping. 1. https://github.com/root-project/root/releases/tag/v5-34-38
Qt4 was masked.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3fff3e43dbf12f9b561b56d8530a21d5c4d4163 commit f3fff3e43dbf12f9b561b56d8530a21d5c4d4163 Author: Guilherme Amadio <amadio@gentoo.org> AuthorDate: 2018-07-05 09:27:18 +0000 Commit: Guilherme Amadio <amadio@gentoo.org> CommitDate: 2018-07-05 11:05:00 +0000 sci-physics/root: drop old Closes: https://bugs.gentoo.org/651000 Closes: https://bugs.gentoo.org/620754 Closes: https://bugs.gentoo.org/632128 Closes: https://bugs.gentoo.org/638422 Closes: https://bugs.gentoo.org/649992 Package-Manager: Portage-2.3.41, Repoman-2.3.9 sci-physics/root/Manifest | 1 - .../root/files/root-5.28.00b-glibc212.patch | 11 - sci-physics/root/files/root-5.32.00-cfitsio.patch | 13 - sci-physics/root/files/root-5.32.00-chklib64.patch | 24 -- sci-physics/root/files/root-5.32.00-dotfont.patch | 58 --- .../root/files/root-5.34.05-nobyte-compile.patch | 137 ------- sci-physics/root/files/root-5.34.13-unuran.patch | 40 -- sci-physics/root/files/root-5.34.26-ldflags.patch | 19 - sci-physics/root/metadata.xml | 3 - sci-physics/root/root-5.34.36.ebuild | 441 --------------------- 10 files changed, 747 deletions(-)
I decided to remove ROOT 5 from the tree, but ROOT 6 still has optional support for qt4 with USE=qt4. Once Qt4 is out of the tree, I will update the ebuild and remove USE=qt4. Qt4 support is deprecated upstream too in any case, so I doubt users still have it enabled.
Qt4 has left the building.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b42c99db172146da240cb8588ef046702eca5c8 commit 4b42c99db172146da240cb8588ef046702eca5c8 Author: Guilherme Amadio <amadio@gentoo.org> AuthorDate: 2018-08-24 12:06:42 +0000 Commit: Guilherme Amadio <amadio@gentoo.org> CommitDate: 2018-08-24 12:57:27 +0000 sci-physics/root: drop support for Qt4 Support for Qt4 is deprecated upstream, and Qt4 is no longer in the main tree. Bug: https://bugs.gentoo.org/620754 Package-Manager: Portage-2.3.48, Repoman-2.3.10 sci-physics/root/root-6.12.06-r4.ebuild | 12 ++++-------- sci-physics/root/root-6.14.02.ebuild | 12 ++++-------- sci-physics/root/root-9999.ebuild | 12 ++++-------- 3 files changed, 12 insertions(+), 24 deletions(-)
