Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 735600 - media-video/gpac depends on vulnerable media-libs/openjpeg:0
Summary: media-video/gpac depends on vulnerable media-libs/openjpeg:0
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: media-video herd
URL:
Whiteboard:
Keywords:
Depends on: 747202
Blocks: CVE-2018-21010
  Show dependency tree
 
Reported: 2020-08-02 20:17 UTC by John Helmert III (ajak)
Modified: 2020-10-08 03:46 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III (ajak) 2020-08-02 20:17:23 UTC
media-video/gpac is blocking cleanup of media-libs/openjpeg for bug 711260. Can anything be done about the dependency on openjpeg:0?

https://github.com/gentoo/gentoo/pull/16909
https://qa-reports.gentoo.org/output/gentoo-ci/bcba0b96a2/output.html#media-video/gpac
Comment 1 Sam James archtester gentoo-dev Security 2020-08-31 23:15:58 UTC
Yep. Newer versions don't need it anymore. Cleaned.
Comment 2 Sam James archtester gentoo-dev Security 2020-09-02 01:26:39 UTC
(In reply to Sam James from comment #1)
> Yep. Newer versions don't need it anymore. Cleaned.

My error. We need 1.x.x. This wasn't building at the time :(
Comment 3 Larry the Git Cow gentoo-dev 2020-09-08 22:42:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62238af1490e6900856b6f8fdd196ab779b46e72

commit 62238af1490e6900856b6f8fdd196ab779b46e72
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-09-08 22:30:23 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-09-08 22:42:45 +0000

    media-video/gpac: fix failed install for 1.0.0
    
    Upstream are currently rewriting huge amounts
    of their codebase. 0.8.x -> 1.0.0 marks a large change.
    
    In this process, they inadverently broke non-Debian
    builds by relying on "IS_DEB_MAKE" being set to
    'undefined'.
    
    We also change the openjpeg slot to :2 as per
    changing upstream requirements.
    
    Closes: https://bugs.gentoo.org/740404
    Bug: https://bugs.gentoo.org/735600
    Package-Manager: Portage-3.0.6, Repoman-3.0.1
    Signed-off-by: Sam James <sam@gentoo.org>

 .../gpac/files/gpac-1.0.0-makefile-debian.patch    | 13 ++++++++++++
 media-video/gpac/gpac-1.0.0.ebuild                 | 24 ++++++++++++++--------
 2 files changed, 28 insertions(+), 9 deletions(-)