Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 732634 - dev-perl/CryptX: bundles libtommath, libtomcrypt
Summary: dev-perl/CryptX: bundles libtommath, libtomcrypt
Status: CONFIRMED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Auditing (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security Audit Team
URL: https://github.com/DCIT/perl-CryptX/b...
Whiteboard:
Keywords:
Depends on: 723844
Blocks: bundled-libs
  Show dependency tree
 
Reported: 2020-07-14 21:11 UTC by Sam James
Modified: 2021-05-31 17:53 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-07-14 21:11:17 UTC
dev-perl/CryptX cbundles libtommath.

They already allow us [0] to unbundle it ("experimental"), but we don't yet do it in the ebuild.

[0] https://github.com/DCIT/perl-CryptX/blob/49c10c2697f320c2be00e66ab2c06d767cacfb9f/Makefile.PL#L9
Comment 1 Sam James archtester gentoo-dev Security 2020-07-14 21:12:05 UTC
(and libtomcrypt)
Comment 2 Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev 2020-07-14 23:51:49 UTC
(In reply to Sam James from comment #1)
> (and libtomcrypt)

tomcrypt not yet in portage.

And in general, there are often issues with using non-bundled sources. :/
Comment 3 Sam James archtester gentoo-dev Security 2020-12-22 02:31:23 UTC
Now it is. Shall we try it?
Comment 4 Andreas K. Hüttel gentoo-dev 2021-05-04 21:54:45 UTC
(In reply to Sam James from comment #3)
> Now it is. Shall we try it?

It doesnt build against the release version. Bundled version is development branch snapshot. 

(tested with libtommath-1.2.0, libtomcrypt-1.18.2-r2, CryptX-0.072)