| Summary: | x11-libs/wxGTK: has optional dependencies on vulnerable slot 0.10 from gstreamer | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Christopher Díaz Riveros (RETIRED) <chrisadr> |
| Component: | Current packages | Assignee: | Gentoo wxWidgets project <wxwidgets> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | kuzetsa |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | https://github.com/gentoo/gentoo/pull/6513 | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 562480, 643956 | ||
| Bug Blocks: | 550648 | ||
|
Description
Christopher Díaz Riveros (RETIRED)
2017-08-28 16:46:42 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0644d07251388ae92b5fedbdcbc0ad0fd6a80ff commit e0644d07251388ae92b5fedbdcbc0ad0fd6a80ff Author: kuzetsa <kuzetsa@gmail.com> AuthorDate: 2017-12-11 03:45:08 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2018-01-04 17:17:23 +0000 x11-libs/wxGTK: bump to v3.0.3, using gstreamer slot 1.0 Bug: https://bugs.gentoo.org/629208 Closes: https://bugs.gentoo.org/619830 x11-libs/wxGTK/Manifest | 2 + x11-libs/wxGTK/wxGTK-3.0.3-r300.ebuild | 190 +++++++++++++++++++++++++++++++++ x11-libs/wxGTK/wxGTK-3.0.3.ebuild | 151 ++++++++++++++++++++++++++ 3 files changed, 343 insertions(+)} The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ab6047e626654bf52fa75614216dd10108845eea commit ab6047e626654bf52fa75614216dd10108845eea Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2018-02-23 05:27:07 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2018-02-23 05:27:07 +0000 x11-libs/wxGTK: remove old This removes the last vulnerable webkit-gtk:2 using revision of wxGTK, and last revision using gstreamer:0.10 in wxGTK-3* (gst 0.10 usage remains in wxGTK:2.8 for now - pending ability to cleanup 2.8 as a whole). Closes: https://bugs.gentoo.org/629122 Bug: https://bugs.gentoo.org/629208 Package-Manager: Portage-2.3.19, Repoman-2.3.6 x11-libs/wxGTK/wxGTK-3.0.2.0-r3.ebuild | 165 --------------------------------- 1 file changed, 165 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f585ddb8d75eaaccd5b242aad425acd8cb266b24 commit f585ddb8d75eaaccd5b242aad425acd8cb266b24 Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2018-02-23 05:19:35 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2018-02-23 05:21:22 +0000 x11-libs/wxGTK: Add a 3.0.2.0-r4 straight to stable on arm that removes USE=webkit,gstreamer Unfortunately arm is delayed with stabling 3.0.3, so I'm forced to introduce a rebuild without USE=webkit of 3.0.2.0-r3 as r4 to stable arm users meanwhile, to get rid of security vulnerable webkit-gtk slots. As USE=gstreamer is only needed by packages that do not have any arm keywords, also remove USE=gstreamer from this version, as it also uses security vulnerable ancient versions of gstreamer (also fixed in 3.0.3 bump that's delayed for arm stable), and we can just remove it now together with webkit, instead of hitting the problem again when gstreamer:0.10 is all ready for security cleanup (and having to do yet another revbump for this separately later) - if arm is still delayed by then. Bug: https://bugs.gentoo.org/643956 Bug: https://bugs.gentoo.org/629208 Package-Manager: Portage-2.3.19, Repoman-2.3.6 x11-libs/wxGTK/wxGTK-3.0.2.0-r4.ebuild | 161 +++++++++++++++++++++++++++++++++ 1 file changed, 161 insertions(+)} wxGTK:2.8 is p.masked, so we can consider this fixed, for the purposes of being able to p.mask gst:0.10 eventually |