Bug 30486

Summary: clash is unmaintained Qt4 application that should be dropped
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Matteo Pasotti <matteo.pasotti>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, geiger.david68210
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: clash-0.4.5-13.mga8.src.rpm CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 30163    

Description David Walser 2022-05-27 13:30:09 CEST 
Fedora has issued an advisory today (May 27):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/

Apparently Golang issues fixed in Bug 30362 required a rebuild for affected code.
Comment 1 Dave Hodgins 2022-05-27 19:00:42 CEST 
In Mageia 8, running clash under strace (without golang installed) shows no
attempt to lookup or load golang libraries. It is loading qt4 libraries, and
basic tests are working.

CC: (none) => davidwhodgins

Comment 2 David Walser 2022-05-27 19:25:34 CEST 
That's why it would need rebuilt.  It would be using routines that are built into it at build time.
Comment 3 Dave Hodgins 2022-05-27 20:38:52 CEST 
From https://svnweb.mageia.org/packages/updates/8/clash/current/SPECS/clash.spec?revision=1684229&view=markup
21	BuildRequires:  qt4-devel
22	BuildRequires:  pkgconfig(libming)
23	BuildRequires:  desktop-file-utils

No buildrequires for golang. As libming1 is a c library,I don't see any
indication clash uses go in either build or runtime.
Comment 4 David Walser 2022-05-27 20:42:40 CEST 
OK, it looks like these clash's are two different pieces of software.  We should be dropping any remaining Qt4 applications that haven't been ported to Qt5.

Summary: clash needs to be rebuilt for golang security issues => clash is unmaintained Qt4 application that should be dropped
Blocks: (none) => 30163

Dave Hodgins 2022-05-27 20:53:46 CEST

Version: 8 => Cauldron

Comment 5 David GEIGER 2023-04-02 08:12:58 CEST 
clash dropped with task-obsolete-9-108.mga9.

https://svnweb.mageia.org/packages?view=revision&revision=1951206

Status: NEW => RESOLVED
CC: (none) => geiger.david68210
Resolution: (none) => FIXED