735588 – app-text/fbpdf depends on vulnerable media-libs/openjpeg:0

Bug 735588 - app-text/fbpdf depends on vulnerable media-libs/openjpeg:0

Summary: app-text/fbpdf depends on vulnerable media-libs/openjpeg:0

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal major
Assignee:	Sergei Trofimovich (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	CVE-2018-21010
	Show dependency tree

Reported:	2020-08-02 20:04 UTC by John Helmert III
Modified:	2020-08-03 21:44 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2020-08-02 20:04:31 UTC

app-text/fbpdf is blocking cleanup of media-libs/openjpeg for bug 711260. Can anything be done about the dependency on openjpeg:0?

https://github.com/gentoo/gentoo/pull/16909
https://qa-reports.gentoo.org/output/gentoo-ci/bcba0b96a2/output.html#media-video/gpac

Comment 1 Sergei Trofimovich (RETIRED) gentoo-dev

2020-08-03 21:13:54 UTC

(In reply to John Helmert III (ajak) from comment #0)
> app-text/fbpdf is blocking cleanup of media-libs/openjpeg for bug 711260.

Should this bug be a blocker of it?

> Can anything be done about the dependency on openjpeg:0?
> 
> https://github.com/gentoo/gentoo/pull/16909
> https://qa-reports.gentoo.org/output/gentoo-ci/bcba0b96a2/output.html#media-
> video/gpac

If API is not too much different we can port. I'll have a look.

Comment 2 Larry the Git Cow gentoo-dev

2020-08-03 21:44:11 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47f13c8fd2c258dbcbc1b0834d3dc0f509434b0d

commit 47f13c8fd2c258dbcbc1b0834d3dc0f509434b0d
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2020-08-03 21:43:50 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-08-03 21:44:00 +0000

    app-text/fbpdf: drop ebuild that refers transitive dependencies
    
    Reported-by: John Helmert III (ajak)
    Closes: https://bugs.gentoo.org/735588
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 app-text/fbpdf/fbpdf-0_p20190202.ebuild | 47 ---------------------------------
 1 file changed, 47 deletions(-)

Additionally, it has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e50f73bb773fd6e0e2ae9a7b199c2d0f0d6eaea

commit 4e50f73bb773fd6e0e2ae9a7b199c2d0f0d6eaea
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2020-08-03 21:41:03 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-08-03 21:43:59 +0000

    app-text/fbpdf: depend on only direct pkg-config files
    
    Reported-by: John Helmert III (ajak)
    Bug: https://bugs.gentoo.org/735588
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 app-text/fbpdf/fbpdf-0_p20190202-r1.ebuild         | 43 ++++++++++++++++++++++
 .../files/fbpdf-0_p20190202-drop-unused.patch      | 16 ++++++++
 2 files changed, 59 insertions(+)