| Summary: | games-sports/torcs bundles an internal copy of dev-libs/expat | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Diego Elio Pettenò (RETIRED) <flameeyes> |
| Component: | Current packages | Assignee: | Gentoo Games <games> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | esigra, ionen, kripton, mgorny, pacho, treecleaner |
| Priority: | High | Keywords: | PMASKED |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | http://bugs.gentoo.org/show_bug.cgi?id=315951 | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 415909 | ||
| Bug Blocks: | 251464, 280615, 303727, 407519 | ||
|
Description
Diego Elio Pettenò (RETIRED)
2009-01-03 07:19:49 UTC
1.3.3 version blames to fix security issues: http://torcs.sourceforge.net/index.php?name=News&file=article&sid=79 So apparently our version is from 2014, and the newest release upstream is from 2016 [1]. Given that it still uses bundled expat, it's clearly vulnerable and there is null maintainer interest in fixing this. Let's remove it. [1] https://sourceforge.net/projects/torcs/files/all-in-one/ The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3e7bbe6b88a4401652d06557238edf03551642d5 commit 3e7bbe6b88a4401652d06557238edf03551642d5 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2022-09-26 06:10:34 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2022-09-26 06:10:34 +0000 package.mask: Last rite games-sports/torcs Bug: https://bugs.gentoo.org/253517 Signed-off-by: Michał Górny <mgorny@gentoo.org> profiles/package.mask | 7 +++++++ 1 file changed, 7 insertions(+) For the record, it has diverged a fair deal but games-sports/speed-dreams is based on torcs and can be a bit of a replacement. (In reply to Ionen Wolkens from comment #4) > For the record, it has diverged a fair deal but games-sports/speed-dreams is > based on torcs and can be a bit of a replacement. I might add, haven't looked closely but given speed-dreams depends on expat I assume it's not bundled over there too :) The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97caaf827ca530c3b8dcb7b1377bb403cac9b632 commit 97caaf827ca530c3b8dcb7b1377bb403cac9b632 Author: Jakov Smolić <jsmolic@gentoo.org> AuthorDate: 2022-11-01 04:37:21 +0000 Commit: Jakov Smolić <jsmolic@gentoo.org> CommitDate: 2022-11-01 04:37:21 +0000 games-sports/torcs: treeclean Closes: https://bugs.gentoo.org/253517 Closes: https://bugs.gentoo.org/479698 Closes: https://bugs.gentoo.org/601636 Closes: https://bugs.gentoo.org/711644 Closes: https://bugs.gentoo.org/846671 Signed-off-by: Jakov Smolić <jsmolic@gentoo.org> games-sports/torcs/Manifest | 1 - .../torcs/files/torcs-1.3.6-as-needed.patch | 96 ---------------------- games-sports/torcs/files/torcs-1.3.6-flags.patch | 14 ---- games-sports/torcs/files/torcs-1.3.6-format.patch | 34 -------- games-sports/torcs/files/torcs-1.3.6-gcc6.patch | 11 --- games-sports/torcs/files/torcs-1.3.6-gcc7.patch | 11 --- .../torcs/files/torcs-1.3.6-no-automake.patch | 21 ----- games-sports/torcs/files/torcs-1.3.6-noXmuXt.patch | 15 ---- games-sports/torcs/metadata.xml | 11 --- games-sports/torcs/torcs-1.3.6-r2.ebuild | 68 --------------- profiles/package.mask | 7 -- 11 files changed, 289 deletions(-) |
