Bug 761885 - net-p2p/retroshare-0.6.5-r2: stabilization and cleanup (was: depends on vulnerable net-libs/libupnp)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Stabilization
Hardware: All Linux
: Normal normal
Assignee: Gioacchino Mazzurco
Blocks: CVE-2020-13848
Reported: 2020-12-27 08:06 UTC by John Helmert III
Modified: 2021-03-12 16:01 UTC
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-12-27 08:06:08 UTC
retroshare depends on <libupnp-1.8.0, and this is blocking cleanup of vulnerable versions of libupnp (<1.14.0). Can anything be done about this?
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-01-31 06:50:41 UTC
Ping Gio. Can you adapt the patch for the version in tree? Is there a new release planned?
Comment 2 Ben Kohler gentoo-dev 2021-02-03 14:11:00 UTC
I see several comments upstream about using miniupnpc instead, e.g. https://github.com/RetroShare/RetroShare/issues/2072#issuecomment-718154688

That would be an easy ebuild fix.
Comment 3 Larry the Git Cow gentoo-dev 2021-02-03 18:18:05 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ca02924dcb7e13bc34a84b4ebeea876357ea8be

commit 3ca02924dcb7e13bc34a84b4ebeea876357ea8be
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2021-02-03 18:12:20 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2021-02-03 18:18:02 +0000

    net-p2p/retroshare: switch to miniupnpc & fix EAPI=7 conversion
    
    Bug: https://bugs.gentoo.org/761885
    
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-p2p/retroshare/retroshare-0.6.5-r1.ebuild | 153 ++++++++++++++++++++++++++
 1 file changed, 153 insertions(+)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-02-03 18:20:30 UTC
Thanks Ben! We can use this bug for stabilization of the revbump later.
Comment 5 Gioacchino Mazzurco 2021-02-06 09:18:48 UTC
(In reply to Larry the Git Cow from comment #3)
> The bug has been referenced in the following commit(s):
> 
> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ca02924dcb7e13bc34a84b4ebeea876357ea8be
> 
> commit 3ca02924dcb7e13bc34a84b4ebeea876357ea8be
> Author:     Ben Kohler <bkohler@gentoo.org>
> AuthorDate: 2021-02-03 18:12:20 +0000
> Commit:     Ben Kohler <bkohler@gentoo.org>
> CommitDate: 2021-02-03 18:18:02 +0000
> 
>     net-p2p/retroshare: switch to miniupnpc & fix EAPI=7 conversion
>     
>     Bug: https://bugs.gentoo.org/761885
>     
>     Package-Manager: Portage-3.0.14, Repoman-3.0.2
>     Signed-off-by: Ben Kohler <bkohler@gentoo.org>
> 
>  net-p2p/retroshare/retroshare-0.6.5-r1.ebuild | 153 ++++++++++++++++++++++++++
>  1 file changed, 153 insertions(+)

Ben, are you sure that if libupnp is installed on the system because some other package pulls it in, retroshare will really link against miniupnp? Because AFAIR I fixed the upstream code to handle the `RS_UPNP_LIB` option correctly at compile time after 0.6.5 was released. But I may remember it wrong.
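One way to answer the linkage question from the built binary itself, as an added example that is not part of this bug thread or the ebuild: classify the `NEEDED` entries that `readelf -d` reports. The sample inputs are constructed, and the sonames and function names are assumptions.

```shell
# Classify the UPnP backend from `readelf -d <binary>` output read on stdin.
# Prints: libupnp | miniupnpc | none
upnp_backend() {
    # Keep only the library names from the (NEEDED) dynamic entries.
    needed=$(sed -n 's/.*(NEEDED).*\[\(.*\)]/\1/p')
    has_upnp=no
    has_mini=no
    for lib in $needed; do
        case $lib in
            libupnp.so*)      has_upnp=yes ;;
            libminiupnpc.so*) has_mini=yes ;;
        esac
    done
    # libupnp wins the classification: one NEEDED entry for it is enough
    # to keep the old dependency on the system.
    if [ "$has_upnp" = yes ]; then
        echo libupnp
    elif [ "$has_mini" = yes ]; then
        echo miniupnpc
    else
        echo none
    fi
}

# Constructed sample inputs (soname versions are illustrative).
sample_miniupnpc_build() { cat <<'EOF'
 0x0000000000000001 (NEEDED)             Shared library: [libminiupnpc.so.17]
 0x0000000000000001 (NEEDED)             Shared library: [libQt5Core.so.5]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
EOF
}

sample_libupnp_build() { cat <<'EOF'
 0x0000000000000001 (NEEDED)             Shared library: [libupnp.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libminiupnpc.so.17]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
EOF
}

# Real use, where $binary is the installed executable (path is an assumption):
#   readelf -d "$binary" | upnp_backend
```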
Comment 6 Ben Kohler gentoo-dev 2021-02-06 18:02:54 UTC
In my testing, it will not attempt to use libupnp as long as RS_UPNP_LIB=miniupnpc is passed, even if libupnp is installed.

Unfortunately in my first commit of this fix, it was missing \ at the end of the line so the argument wasn't passed properly.

This has been fixed and I'm revbumping to make sure everyone gets the fixed version.
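Why a missing trailing `\` fails silently, as an added example that is not taken from the ebuild: the shell ends the command at the unterminated line and runs the next line as a plain variable assignment, which exits 0. `record_args`, `CONFIG+=release` and the function names are constructed stand-ins; only `RS_UPNP_LIB=miniupnpc` comes from the thread.

```shell
# Stand-in for the build-tool call in an ebuild: records the arguments it got.
record_args() { RECORDED="$*"; }

# Value of RS_UPNP_LIB on the recorded command line, or "not-passed".
passed_upnp_lib() {
    for arg in $RECORDED; do
        case $arg in
            RS_UPNP_LIB=*) echo "${arg#RS_UPNP_LIB=}"; return 0 ;;
        esac
    done
    echo "not-passed"
}

# Broken: the line before RS_UPNP_LIB has no trailing "\", so the command
# ends there and the next line is a shell assignment, not an argument.
configure_broken() {
    unset RS_UPNP_LIB
    record_args \
        "CONFIG+=release"
        RS_UPNP_LIB=miniupnpc
    passed_upnp_lib
}

# Fixed: every line but the last ends in "\", so it is one command.
configure_fixed() {
    unset RS_UPNP_LIB
    record_args \
        "CONFIG+=release" \
        RS_UPNP_LIB=miniupnpc
    passed_upnp_lib
}

# Side effect that gives the bug away: the option leaked into the shell
# environment as a variable instead of reaching the build tool.
leaked_into_shell() {
    configure_broken >/dev/null
    echo "${RS_UPNP_LIB:-}"
}
```

Nothing in the broken variant returns a non-zero status, so the build log shows no error; checking the arguments the tool actually received, or the linked libraries of the result, is what catches it.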
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-03-08 03:12:32 UTC
Ready for stabilization?
Comment 8 Gioacchino Mazzurco 2021-03-08 14:47:39 UTC
(In reply to John Helmert III from comment #7)
> Ready for stabilization?

Good for me!
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-11 02:36:00 UTC
amd64 done
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-11 13:31:05 UTC
x86 done

all arches done
Comment 11 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-03-12 13:23:26 UTC
Sorry, please clean up <0.6.5-r2.
Comment 12 Larry the Git Cow gentoo-dev 2021-03-12 16:01:58 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f234282e99f789bef500cafff2f4bb0458a8807a

commit f234282e99f789bef500cafff2f4bb0458a8807a
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2021-03-12 16:01:34 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2021-03-12 16:01:51 +0000

    net-p2p/retroshare: drop old
    
    Closes: https://bugs.gentoo.org/761885
    Package-Manager: Portage-3.0.17, Repoman-3.0.2
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-p2p/retroshare/retroshare-0.6.5.ebuild | 152 -----------------------------
 1 file changed, 152 deletions(-)