Description of problem: While testing Bug 28463 I uncovered a dependency problem with gnuplot-qt. If a Plasma user installs that alone, it will not draw in any dependencies. Once installed, it does not work properly - practically unusable. Installing gnuplot-nox makes it usable, indicating that it ought to be a dependency. The Mageia 8 gnuplot-qt has dependencies of both gnuplot-nox and gnuplot. Version-Release number of selected component (if applicable): gnuplot-qt-5.2.2-5.1.mga7 How reproducible: Always, if the user installs gnuplot-qt by itself
Seems a dependency issue. But: https://bugs.mageia.org/show_bug.cgi?id=27189 !! Should already be fixed. Since: r1618670 | neoclust | 2020-08-24 21:30:38 +0200 (lun. 24 août 2020) | 1 ligne Requires gnuplot in gnuplot-qt (mga#27189) *** This bug has been marked as a duplicate of bug 27189 ***
CC: (none) => ouaurelienStatus: NEW => RESOLVEDResolution: (none) => DUPLICATEAssignee: bugsquad => pkg-bugs
So sorry. Too fast reading... this is for Mageia 7!
Resolution: DUPLICATE => (none)Status: RESOLVED => REOPENED
As there is no maintainer for this package I added the committers in CC.
CC: (none) => mageia, nicolas.salguero
Thanks TJ for reporting this, and finding the problem: $ urpmq --requires gnuplot-qt | grep -v lib $ $ urpmq --whatrequires gnuplot [no mention of gnuplot-qt] $ urpmq --whatrequires gnuplot-nox gnuplot + ... $ urpmq --requires gnuplot | grep -v lib gnuplot-nox[== 5.2.2-5.mga7] So here it looks as if just a requires of gnuplot from gnuplot-qt would suffice.
Fixed in next gnuplot-5.2.2-5.2.mga7 update!
CC: (none) => geiger.david68210
Imported from Bug 28463 Advisory: ======================== Updated gnuplot packages fix security vulnerability: Double free when executing print_set_output() (CVE-2020-25559). Additionally, a missing require for gnuplot has been added to gnuplot-qt package. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25559 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CKEZYDL7ZTBAXXRLNGPXPFNXRKWZ3MXC/ ======================== Updated packages in core/updates_testing: ======================== gnuplot-5.2.2-5.2.mga7 gnuplot-mode-5.2.2-5.2.mga7 gnuplot-nox-5.2.2-5.2.mga7 gnuplot-qt-5.2.2-5.2.mga7 from SRPM gnuplot-5.2.2-5.2.mga7 Assigning to QA.
Status: REOPENED => ASSIGNEDQA Contact: (none) => securityComponent: RPM Packages => SecurityAssignee: pkg-bugs => qa-bugsSummary: gnuplot-qt-5.2.2-5.1 is missing dependencies on gnuplot-nox and gnuplot => gnuplot security uipdate and fix for gnuplot-qt-5.2.2-5 missing dependencies on gnuplot-nox and gnuplot
Summary: gnuplot security uipdate and fix for gnuplot-qt-5.2.2-5 missing dependencies on gnuplot-nox and gnuplot => gnuplot security update for CVE-2020-25559 and fix for gnuplot-qt-5.2.2-5 missing dependencies on gnuplot-nox and gnuplotCVE: (none) => CVE-2020-25559Source RPM: gnuplot-5.2.2-5.1.mga7 => gnuplot-5.2.2-5mga7
Removed all earlier installs of gnuplot, then installed gnuplot-qt, which did not pull in any dependencies. Checked it out using demo scripts from http://www.gnuplot.info/demo/ and none of the ones I tried worked. Used qarepo to get the packages in Comment 6, and then updated, which pulled in gnuplot and gnuplot-nox. Tried the demos again, and all worked. This looks OK. Validating. Advisory in Comment 6.
CC: (none) => sysadmin-bugsKeywords: (none) => validated_updateWhiteboard: (none) => MGA7-64-OK
Advisory committed to SVN.
Keywords: (none) => advisory
Blocks: (none) => 28463
All of this should have been done in the other bug, but whatever.
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0127.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED