Summary: | [java-overlay] Critical buffer overflow in dev-java/jogl-1.1.1 | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Richard <shiningarcanine> |
Component: | [OLD] Unspecified | Assignee: | Java team <java> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | security, shiningarcanine, xmw |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://en.wikipedia.org/wiki/Java_OpenGL#Status_and_Standardization | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Richard
2010-07-28 20:45:20 UTC
I forgot to mention that there are currently two ebuilds for gluegen in portage, dev-java/gluegen-20080421 and dev-java/gluegen-20090509. dev-java/gluegen-20080421 should have been called dev-java/gluegen-1.0b06 while dev-java/gluegen-20090509 is a svn screenshot of gluegen between dev-java/gluegen-1.0b06 and dev-java/gluegen-1.0b06a. It uses a different ebuild file than the current dev-java/gluegen-20080421 and fails to build properly. Deleting the dev-java/gluegen-20090509 ebuild file and revision bumping dev-java/gluegen-20080421 to dev-java/gluegen-20090509 will enable dev-java/gluegen-20090509 to be built and installed, but having it installed causes build failures in both dev-java/jogl-1.1.1 and dev-java/jogl-1.1.1a. I would also like to recommend that dev-java/gluegen-20080421 be used as a basis for dev-java/gluegen-1.0b06. ping, any progress here? (In reply to comment #2) > ping, any progress here? Bumped jogl to 2.0_rc8 and dropped KEYWORDS on 1.1.1. How do you want to proceed from here? Science overlay fixed: + 03 Jan 2014; Justin Lecher <jlec@gentoo.org> -jogl-1.1.1.ebuild, + +jogl-1.1.1a.ebuild: + Bump away from vulnerable version, #330267 + commit 7335188 (HEAD, master) Author: Patrice Clement <monsieurp@gentoo.org> Date: Fri Oct 23 15:15:12 2015 +0000 dev-java/jogl: Removing from overlay. Fixes bug 330267. Signed-off-by: Patrice Clement <monsieurp@gentoo.org> delete mode 100644 dev-java/jogl/Manifest delete mode 100644 dev-java/jogl/files/1.1.0/fix-solaris-compiler.patch delete mode 100644 dev-java/jogl/files/1.1.0/uncouple-gluegen.patch delete mode 100644 dev-java/jogl/jogl-1.1.1.ebuild delete mode 100644 dev-java/jogl/jogl-2.0_rc8-r1.ebuild delete mode 100644 dev-java/jogl/metadata.xml There's a MUCH up-to-date and looked-after version sitting in the Science Overlay. https://gitweb.gentoo.org/proj/sci.git/tree/dev-java/jogl Consider pulling this one from one. Closing this bug. |