Bug 713480 - net-misc/mikutter uses an obsolete dev-ruby/json slot
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Naohiro Aota
Blocks: CVE-2020-10663
Reported: 2020-03-19 15:04 UTC by Hans de Graaff
Modified: 2020-08-07 04:40 UTC
Runtime testing required: ---
Description Hans de Graaff gentoo-dev Security 2020-03-19 15:04:36 UTC
net-misc/mikutter uses dev-ruby/json:0. This version is obsolete, and now also contains a security bug (see blocker).

I noticed that the Gemfile in mikutter references 'json_pure', '~> 1.8'. My suggestion would be to change that to 'json', '~> 2.0'.

json_pure is never needed on Gentoo because we can always provide the compiled variant, and 2.0 should be compatible with 1.8 in terms of API.
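
The Gemfile change suggested in the description, checked mechanically (an added example, not part of the bug report or of mikutter's code). It assumes simple one-line `gem` declarations; `audit_json_dependency`, `GEM_LINE` and the sample Gemfiles are constructed for illustration, and the default target `2.0` is taken from the suggested constraint.

```ruby
require 'rubygems'

# Constructed samples: the declaration quoted in the report and the suggested one.
OLD_GEMFILE = <<~GEMFILE
  source 'https://rubygems.org'
  gem 'json_pure', '~> 1.8'
GEMFILE

NEW_GEMFILE = <<~GEMFILE
  source 'https://rubygems.org'
  gem 'json', '~> 2.0'
GEMFILE

# Matches simple `gem 'name', 'req', ...` lines for json and json_pure.
# Hypothetical helper for this example; it is not Bundler's Gemfile parser.
GEM_LINE = /^\s*gem\s+['"](json|json_pure)['"]((?:\s*,\s*['"][^'"]+['"])*)/

# Returns a list of findings for json/json_pure declarations in Gemfile text.
# target: a version from the release series the dependency must be able to
# resolve to (default "2.0", the series named in the report's suggestion).
def audit_json_dependency(gemfile_text, target: '2.0')
  wanted = Gem::Version.new(target)
  findings = []
  gemfile_text.each_line.with_index(1) do |line, lineno|
    next unless (m = GEM_LINE.match(line))

    name = m[1]
    reqs = m[2].scan(/['"]([^'"]+)['"]/).flatten
    requirement = Gem::Requirement.new(*reqs) # no constraint means ">= 0"

    # The pure-Ruby variant is a separate gem from the compiled one.
    findings << { line: lineno, gem: name, issue: :pure_ruby_variant } if name == 'json_pure'

    # A constraint such as "~> 1.8" can never resolve to the 2.x series.
    unless requirement.satisfied_by?(wanted)
      findings << { line: lineno, gem: name, issue: :excludes_target,
                    requirement: requirement.to_s }
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  { 'old' => OLD_GEMFILE, 'new' => NEW_GEMFILE }.each do |label, text|
    puts "#{label}: #{audit_json_dependency(text).inspect}"
  end
end
```

Pass the first fixed release of the advisory being tracked as `target` to check whether a constraint can reach it.
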
Comment 1 Hans de Graaff gentoo-dev Security 2020-07-22 04:46:14 UTC
Given that there has been no activity on this bug at all I'm going to mask mikutter for removal along with the vulnerable json version later this week.
Comment 2 Naohiro Aota gentoo-dev 2020-07-22 05:27:51 UTC
Ah, sorry for the long silence. I'll proceed with the ruby-gnome2 stuff and fix this bug too this week.
Comment 3 Larry the Git Cow gentoo-dev 2020-08-04 18:16:03 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f417257a3009152d20ec385fc6c467c5cd6cbac1

commit f417257a3009152d20ec385fc6c467c5cd6cbac1
Author:     Naohiro Aota <naota@gentoo.org>
AuthorDate: 2020-08-04 18:12:30 +0000
Commit:     Naohiro Aota <naota@gentoo.org>
CommitDate: 2020-08-04 18:14:51 +0000

    net-misc/mikutter: version bump and drop old
    
    This bump also added ruby26 support and moved to newer dev-ruby/json
    slot.
    
    Closes: https://bugs.gentoo.org/575186
    Closes: https://bugs.gentoo.org/699228
    Closes: https://bugs.gentoo.org/713480
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Naohiro Aota <naota@gentoo.org>

 net-misc/mikutter/Manifest                         |  2 +-
 net-misc/mikutter/files/mikutter                   |  2 +-
 ...mikutter-3.8.6.ebuild => mikutter-4.0.6.ebuild} | 49 +++++++++++-----------
 net-misc/mikutter/mikutter-9999.ebuild             | 49 +++++++++++-----------
 4 files changed, 50 insertions(+), 52 deletions(-)
Comment 4 Hans de Graaff gentoo-dev Security 2020-08-07 04:40:56 UTC
(In reply to Larry the Git Cow from comment #3)
>     net-misc/mikutter: version bump and drop old
>     
>     This bump also added ruby26 support and moved to newer dev-ruby/json
>     slot.

Thanks!