Bug 629208 - x11-libs/wxGTK: has optional dependencies on vulnerable slot 0.10 from gstreamer
Summary: x11-libs/wxGTK: has optional dependencies on vulnerable slot 0.10 from gstreamer
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo wxWidgets Herd
URL:
Whiteboard:
Keywords:
Depends on: wxwidgets-3.0 643956
Blocks: gst-0.10-removal
Reported: 2017-08-28 16:46 UTC by Christopher Díaz Riveros (RETIRED)
Modified: 2018-07-16 00:12 UTC

See Also:
Package list:
Runtime testing required: ---


Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-08-28 16:46:42 UTC
wxGTK contains optional dependencies with slot 0.10 from gstreamer which is going to be removed from tree.

For more info refer to bug 550648.

This bug should not be considered resolved until the previous revisions with dependencies are removed from the tree.
Comment 1 Larry the Git Cow gentoo-dev 2018-01-04 17:18:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0644d07251388ae92b5fedbdcbc0ad0fd6a80ff

commit e0644d07251388ae92b5fedbdcbc0ad0fd6a80ff
Author:     kuzetsa <kuzetsa@gmail.com>
AuthorDate: 2017-12-11 03:45:08 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2018-01-04 17:17:23 +0000

    x11-libs/wxGTK: bump to v3.0.3, using gstreamer slot 1.0
    
    Bug: https://bugs.gentoo.org/629208
    Closes: https://bugs.gentoo.org/619830

 x11-libs/wxGTK/Manifest                |   2 +
 x11-libs/wxGTK/wxGTK-3.0.3-r300.ebuild | 190 +++++++++++++++++++++++++++++++++
 x11-libs/wxGTK/wxGTK-3.0.3.ebuild      | 151 ++++++++++++++++++++++++++
 3 files changed, 343 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2018-02-23 05:33:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ab6047e626654bf52fa75614216dd10108845eea

commit ab6047e626654bf52fa75614216dd10108845eea
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2018-02-23 05:27:07 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2018-02-23 05:27:07 +0000

    x11-libs/wxGTK: remove old
    
    This removes the last vulnerable webkit-gtk:2 using revision of wxGTK,
    and last revision using gstreamer:0.10 in wxGTK-3* (gst 0.10 usage
    remains in wxGTK:2.8 for now - pending ability to cleanup 2.8 as a whole).
    
    Closes: https://bugs.gentoo.org/629122
    Bug: https://bugs.gentoo.org/629208
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 x11-libs/wxGTK/wxGTK-3.0.2.0-r3.ebuild | 165 ---------------------------------
 1 file changed, 165 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f585ddb8d75eaaccd5b242aad425acd8cb266b24

commit f585ddb8d75eaaccd5b242aad425acd8cb266b24
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2018-02-23 05:19:35 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2018-02-23 05:21:22 +0000

    x11-libs/wxGTK: Add a 3.0.2.0-r4 straight to stable on arm that removes USE=webkit,gstreamer
    
    Unfortunately arm is delayed with stabling 3.0.3, so I'm forced to introduce
    a rebuild without USE=webkit of 3.0.2.0-r3 as r4 to stable arm users meanwhile,
    to get rid of security vulnerable webkit-gtk slots.
    As USE=gstreamer is only needed by packages that do not have any arm keywords,
    also remove USE=gstreamer from this version, as it also uses security vulnerable
    ancient versions of gstreamer (also fixed in 3.0.3 bump that's delayed for arm
    stable), and we can just remove it now together with webkit, instead of hitting
    the problem again when gstreamer:0.10 is all ready for security cleanup (and
    having to do yet another revbump for this separately later) - if arm is still
    delayed by then.
    
    Bug: https://bugs.gentoo.org/643956
    Bug: https://bugs.gentoo.org/629208
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 x11-libs/wxGTK/wxGTK-3.0.2.0-r4.ebuild | 161 +++++++++++++++++++++++++++++++++
 1 file changed, 161 insertions(+)
Comment 3 Mart Raudsepp gentoo-dev 2018-07-16 00:12:09 UTC
wxGTK:2.8 is p.masked, so we can consider this fixed, for the purposes of being able to p.mask gst:0.10 eventually