Bug 30163 - [TRACKER] Packages that need to be obsoleted for Mageia 9 release
Summary: [TRACKER] Packages that need to be obsoleted for Mageia 9 release
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: release_blocker critical
Target Milestone: Mageia 9
Assignee: Mageia Bug Squad
QA Contact:
URL:
Whiteboard:
Keywords: TRACKER
Depends on: 15760 26957 28511 28683 28878 29281 29326 29613 29733 29771 29836 30153 30179 30486 30841 31066 31118 31546 31773 31774
Blocks:
  Show dependency treegraph
 
Reported: 2022-03-12 18:09 CET by Marja Van Waes
Modified: 2024-02-18 11:48 CET (History)
13 users (show)

See Also:
Source RPM:
CVE:
Status comment:


Attachments

Description Marja Van Waes 2022-03-12 18:09:57 CET
We have several packages in Cauldron that are no longer maintained upstream and have become unusable. They need to be obsoleted before Mageia 9 is released.

In case a dead-upstream package still seems usable, but has security issues, then it likely needs to be obsoleted, too.
Comment 1 sturmvogel 2022-03-12 18:22:51 CET
Needs to get obsoleted:
lightspark-mozilla-plugin-0.8.5-2.mga9.

Mozilla compatible plugin for lightspark (this type of plugin is obsoleted since years in Firefox)

Flashplayer is EOL since 2020 and blocked from execution since Jan 2021

Quote from the GitHub page:
"Most browsers including Firefox and Chromium don't support flash any longer, so the plugins don't work on their latest versions."

"Support matrix
Web browser	Windows	Linux
Pale Moon	Yes	Yes
Firefox	        No	No
Chrome	        No	No
Chromium	No	No
Waterfox	No	Yes
Falcon	        No	untested
MyPal	        Yes	N/A

https://github.com/lightspark/lightspark/wiki/Getting-Lightspark-up-and-running-in-Web-Browser
https://github.com/lightspark/lightspark/releases
Comment 2 sturmvogel 2022-03-12 18:43:44 CET
Needs to get obsoleted:
firefox-ext-mozvoikko-2.0.1-11.mga9

Finnish spell-checking extension for Mozilla applications

Quote from GitHub page:
"UNMAINTAINED Spell checker extension for legacy Mozilla products (older than Firefox 57 or Thunderbird 60)"

It is a NPAPI plugin which is no longer supported in all major browsers.
Comment 3 sturmvogel 2022-03-12 18:46:51 CET
Needs to get obsoleted:
mozilla-plugin-aliedit-1.0.3.20-9.mga8

Aliedit extension for firefox

It is a NPAPI plugin which is no longer supported in all major browsers.

(Have look at the spec file history. It should have been removed in the past)
Comment 4 Dave Hodgins 2022-03-12 19:38:10 CET
Please keep in mind that only packages the cannot work in Mageia 9, or that
will interfere with upgrades from 8 to 9 should be obsoleted, which forcefully
removes them from the user's installation during upgrade.

Other packages that are no longer supported by Mageia should be removed from svn
only, using the null package.
https://svnweb.mageia.org/packages/cauldron/null/

The user's may have third party software that can still use those packages,
or choose to use no longer supported packages, as I do with opera 12.16 from
Mageia 4.

CC: (none) => davidwhodgins

Comment 5 Lewis Smith 2022-03-13 08:53:34 CET
(In reply to Marja Van Waes from comment #0)
> We have several packages in Cauldron that are no longer maintained upstream
> and have become unusable. They need to be obsoleted before Mageia 9 is
> released.
> In case a dead-upstream package still seems usable, but has security issues,
> then it likely needs to be obsoleted, too.
How can these be identified?

Over time suggestions to obsolete packages pop up. Is it possible to search Bugzilla for this word in any comment? I never succeed with advanced searching.

CC: (none) => lewyssmith

Comment 6 David Walser 2022-03-15 20:31:09 CET
lightspark actually doesn't need to be removed.  It has an offline flash player executable that people can use if they have old swf files laying around.  Yes the mozilla plugin doesn't work any more but it's not hurting anything.

qca2 and the things built against it (kdelibs4, kdebase4-runtime, kde4-kactivities, qutim) probably all need to be dropped, as qca2 can't be rebuilt against botan.

Two more candidates to be dropped, recently mentioned on IRC:

<papoteur> I had a look to python-sparqlwrapper. This is a Python module. It doesn't seem to be required by anything. We have 1.8.2, the latest is 1.8.5 about 2 years ago. This ones don't build in cauldron.
<papoteur> On https://github.com/RDFLib/sparqlwrapper, it seems to be the idea started 2 years ago to have 1.9 which drops support for Python 2. But the tag 1.9 isn't set for the moment.

<papoteur> I think telldus-core is a good candidate for dropping:
<papoteur> 1/ it doesn't build
<papoteur> 2/ it is linked to specific hardware (IOT)
<papoteur> 3/ there is no activity since 2 years, and not a lot since 2013.

CC: (none) => yves.brungard_mageia

Comment 7 David Walser 2022-03-15 20:38:58 CET
Just to make sure it doesn't get forgotten, openssl 1.1.1 needs to removed:
https://bugs.mageia.org/show_bug.cgi?id=30174#c2

CC: (none) => luigiwalser

Comment 8 papoteur 2022-03-15 22:14:29 CET
(In reply to David Walser from comment #6)
> 
> Two more candidates to be dropped, recently mentioned on IRC:
> 
> <papoteur> I had a look to python-sparqlwrapper. This is a Python module. It
> doesn't seem to be required by anything. We have 1.8.2, the latest is 1.8.5
> about 2 years ago. This ones don't build in cauldron.
> <papoteur> On https://github.com/RDFLib/sparqlwrapper, it seems to be the
> idea started 2 years ago to have 1.9 which drops support for Python 2. But
> the tag 1.9 isn't set for the moment.
In the mean time, 2.0.0 has been released. I have posted a new spec for it.
> 
> <papoteur> I think telldus-core is a good candidate for dropping:
> <papoteur> 1/ it doesn't build
> <papoteur> 2/ it is linked to specific hardware (IOT)
> <papoteur> 3/ there is no activity since 2 years, and not a lot since 2013.

I have moved it in obsolete.
Comment 9 David Walser 2022-03-15 22:23:19 CET
You can't just move something to obsolete in SVN while it's still in the repo.  It needs to be removed from the repository as well.
Comment 10 sturmvogel 2022-03-16 15:51:16 CET
pm-utils

Last distribution standing is Mageia. No rpm or deb based disribution is shipping pm-utils anymore.

As seen in bug 30080, bug 30180, bug 30179, bug ... pm-utils only causes problems.

Last pm-utils release is from 2010. Most functions are now served by systemd/systemctl.

Opensuse deprecated in 2015
https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/message/GX3KAWFIQNXWJDGE2BUANJFK7ZMPPFO3/

Last Fedora with pm-utils was Fedora 22 (now we have Fedora 35)

..and many more deb and prm based distries...dropped support a decade ago...
Marja Van Waes 2022-03-16 16:04:40 CET

Depends on: (none) => 30179

Marja Van Waes 2022-03-16 16:05:27 CET

Keywords: (none) => TRACKER

Rémi Verschelde 2022-03-21 12:38:19 CET

Depends on: 30156 => (none)

Comment 11 papoteur 2022-03-24 12:24:14 CET
python-vatnumber : no update since 2014, nothing claims  it, doesn't build anymore

python-speaklater-1.3-14.mga9 no update since 2012, required by python3-flask-babelex, doesn't build anymore

python-anyjson  ne construit plus no update since 2012, nothing claims  it, doesn't build anymore

python-flask-script referenced as deprecated https://github.com/smurfix/flask-script
Comment 12 Morgan Leijström 2022-04-22 10:07:54 CEST
Bug 30317 - wmebcam is useless

Comes with no help, not apparent how to use.

Depends on: (none) => 30317
CC: (none) => fri

Marja Van Waes 2022-04-22 22:41:11 CEST

Depends on: 30317 => (none)

Comment 13 Morgan Leijström 2022-05-01 01:02:17 CEST
fwupdate, https://bugs.mageia.org/show_bug.cgi?id=28878#c3
Bug 28878 - Conflict between fwupdate-efi and grub2-common

Depends on: (none) => 28878

Comment 14 Barry Jackson 2022-05-03 12:22:50 CEST
I have two packages that will need to be obsoleted before Mga9

chirp - because upstream are unlikely to move to python-3 any time soon.

cambozola - because it was packaged to support zoneminder which no longer needs it.

Adding here as a reminder ;)

CC: (none) => zen25000

Comment 15 Chris Denice 2022-05-10 23:57:51 CEST
In the process of updating proj, I forecast some obsoleting to:

zygrib

CC: (none) => eatdirt

Comment 16 Chris Denice 2022-05-11 00:00:57 CEST
qt-mobility
Comment 17 Morgan Leijström 2022-05-20 10:19:26 CEST
Possibly Sugar desktop

https://bugs.mageia.org/show_bug.cgi?id=18706#c14

Depends on: (none) => 18706

David Walser 2022-05-27 20:42:40 CEST

Depends on: (none) => 30486

sturmvogel 2022-06-05 00:58:14 CEST

Depends on: (none) => 15760

Comment 18 papoteur 2022-06-08 13:51:15 CEST
acoustid-fingerprinter
The last release is from 2012. http://acoustid.org/fingerprinter
It doesn't build anymore, surely because of ffmpeg 5.
Nothing claims it.
sturmvogel 2022-08-12 14:51:52 CEST

Depends on: (none) => 26780

Comment 19 sturmvogel 2022-08-12 14:53:12 CEST
vbindiff is broken since MGA6. vbindiff is unmaintained since over 5 years upstream and no code maintenance/bugfixing was done.

bug 26780
Comment 20 Morgan Leijström 2022-08-25 19:45:43 CEST
gnucap? is redundant and old.
Electronic cirquit simulator.

We have a really old version from 2009 packaged - at least it need to be updated.
Project seem alive, but not very active.  http://gnucap.org/dokuwiki/doku.php/gnucap:projects list work is needed for interfacing several programs, and that page was last updated in 2016...
To clean up number of packages we supply, I suggest to drop gnucap.
(and if not, update it at least in cauldron, there is now a 2021 version)

We package ngspice, which is well known, well developed, and used by i.e KiCad which we package.  https://ngspice.sourceforge.io/ and have even verification tests/examples with KiCad https://ngspice.sourceforge.io/quality.html
Comment 21 Barry Jackson 2022-09-02 20:18:04 CEST
(In reply to sturmvogel from comment #19)
> vbindiff is broken since MGA6. vbindiff is unmaintained since over 5 years
> upstream and no code maintenance/bugfixing was done.
> 
> bug 26780

We now have a fix for 26780 so it should not be obsoleted as it is a useful CLI tool.
Bruno Cornec 2022-09-05 21:16:35 CEST

CC: (none) => bruno

Comment 22 Morgan Leijström 2022-09-06 10:49:09 CEST
Fritzing. We fail to package it and get no upstream help. Bug 18689

Depends on: (none) => 18689

Barry Jackson 2022-09-07 12:21:39 CEST

Depends on: 26780 => (none)

Comment 23 Morgan Leijström 2022-09-14 05:09:58 CEST
Nextcloud server Bug 28511
We are not keeping up. Not even finished the upgrade path mga7 -> mga8 yet.

Depends on: (none) => 28511

Comment 24 Morgan Leijström 2022-09-14 13:31:27 CEST
Misunderstanding - behind the curtain there have been work on NC :)

Depends on: 28511 => (none)

Comment 25 David Walser 2022-09-14 18:30:22 CEST
(In reply to Morgan Leijström from comment #24)
> Misunderstanding - behind the curtain there have been work on NC :)

We still need to remember to drop it before Mageia 9 is branched.

Depends on: (none) => 28511

Comment 26 Morgan Leijström 2022-09-14 19:29:38 CEST
Nextcloud should maybe be dropped from release repo.
Then maybe reinstated in backport.
Lets see how packaging, testing, and opinions progress in Bug 28511...
Comment 27 David Walser 2022-09-14 19:50:46 CEST
Yes that's how we handled it for Mageia 8.
Comment 28 Mauricio Andrés Bustamante Viveros 2022-09-20 05:09:02 CEST
Hi

What about this issue??
https://bugs.mageia.org/show_bug.cgi?id=17706

CC: (none) => neoser10

Comment 29 David Walser 2022-09-20 12:04:10 CEST
(In reply to Mauricio Andrés Bustamante Viveros from comment #28)
> Hi
> 
> What about this issue??
> https://bugs.mageia.org/show_bug.cgi?id=17706

That's not about a package that needs to be dropped.
Comment 30 Lewis Smith 2022-10-06 21:06:42 CEST
Bug 30938 : dhcp-4.4.3P1-1.mga9.src.rpm       "dhcp is EOL upstream"
This needs to be replaced in various places as DavidW details in this bug.

Depends on: (none) => 30938

Comment 32 David Walser 2022-10-25 14:53:07 CEST
Some more there were already bugs for...

nrpe
Bug 26957

perl-Net-IPv4Addr
Bug 29281

qtwebkit/wkhtmltopdf
Bug 29326

tmate
Bug 29733

Depends on: (none) => 26957, 29281, 29326, 29733

Comment 33 David Walser 2022-10-25 17:24:50 CEST
quictls is an openssl fork that should not have been imported.
Comment 34 David Walser 2022-10-30 04:58:56 CET
nbd was imported, but never has worked, and the maintainer is no longer with us.

Depends on: (none) => 30153

Comment 35 Lewis Smith 2022-10-31 20:37:44 CET
tmate
Bug 29733 - tmate should probably be dropped due to inadequate upstream maintenance
Comment 36 David Walser 2022-11-02 21:22:19 CET
(In reply to David Walser from comment #33)
> quictls is an openssl fork that should not have been imported.

Bug 31066.

Depends on: (none) => 31066

Comment 37 Lewis Smith 2022-11-03 20:10:22 CET
bug 31069 : python-flask-security

"Note that this software is unmaintained upstream.  Apparently it has been replaced by flask-security-too (which is also vulnerable to this issue, where it is known as CVE-2021-32618).

So this package should be dropped or replaced in Cauldron as well"
Comment 38 Lewis Smith 2022-11-03 20:31:02 CET
(In reply to David Walser from comment #33)
> quictls is an openssl fork that should not have been imported.
Bug 31066.
"quictls really should just be a patch set for OpenSSL that should be submitted upstream.  This should be dropped before Mageia 9."
Comment 39 Raphael Gertz 2022-11-04 06:33:22 CET
(In reply to Lewis Smith from comment #38)
> (In reply to David Walser from comment #33)
> > quictls is an openssl fork that should not have been imported.
> Bug 31066.
> "quictls really should just be a patch set for OpenSSL that should be
> submitted upstream.  This should be dropped before Mageia 9."

I answered in the bug report, the idea is not to get the whole distribution built against it, just give a easy way for people requiring quic to use it by just rebuilding the required package against quictls instead of openssl.
(both libraries may be installed and only the buildrequire should select wanted library)

CC: (none) => mageia

Comment 40 Dave Hodgins 2022-11-08 19:01:01 CET
Also qt-fsarchiver and qt-fsarchiver-terminal.
See bug 28791

Depends on: (none) => 28791

Comment 41 Lewis Smith 2022-11-09 20:55:56 CET
transcode, bug 31096.
"Transcode was removed from SVN 4 months ago, but was never added to task-obsolete-tainted. I have now added it."
Comment 42 Lewis Smith 2022-11-10 21:23:22 CET
notification-daemon (Gnome)
Bug 31103
from QA-discuss M/L:
/usr/libexec/notification-daemon comes from an archived (deprecated and 
unmaintained) GNOME project, so probably should be dropped from Mageia.
Comment 43 Lewis Smith 2022-11-10 21:29:43 CET
vino (Gnome)
Bug 31104
from QA-discuss M/L:
For vino, upstream says:
"Vino was the GNOME desktop sharing server. It is now archived and unmaintained - please use gnome-remote-desktop instead! "
Thus it has to be obsoleted.
sturmvogel 2022-11-13 20:59:13 CET

Depends on: (none) => 31118

Comment 44 sturmvogel 2022-11-13 20:59:45 CET
gnome-shell-extension-topicons

See bug 31118 and bug 29840

This is dead upstream. The author recommends switching to the appindicator extension, which we do have packaged for Mageia 9
Comment 45 Chris Denice 2022-12-06 23:12:47 CET
To be checked with Akien, but:

openmw does not build anymore, new version only accept libbullet compiled in double precision, that we do not provide currently. Moreover, it is the only remaining package forcing us to have double packaging of old versions of:

openscreengraph34
lib64openthreads20

I think we could consider dropping those three!

Cheers,
Chris.
Comment 46 Raphael Gertz 2022-12-08 09:33:39 CET
(In reply to Chris Denice from comment #45)
> To be checked with Akien, but:
> 
> openmw does not build anymore, new version only accept libbullet compiled in
> double precision, that we do not provide currently. Moreover, it is the only
> remaining package forcing us to have double packaging of old versions of:
> 
> openscreengraph34
> lib64openthreads20
> 
> I think we could consider dropping those three!
> 

I rebuilded libbullet with double precision to try to get openmw working.

You may drop the two previously reported libraries as they seems useless now.

I imported recastnavigation and openmw should be available soon in cauldron.

The only downside is that we need a check wether the following packages still works with double precision in libbullet :
godot
godot-headless
godot-runner
godot-server
openmw
vdrift

I don't know how to fix stuntrally and irrlamb, both fails at link time:
https://github.com/stuntrally/stuntrally/issues/107
(they seems to use hardcoded float values where double should be used)
Comment 47 Raphael Gertz 2022-12-08 10:27:02 CET
(In reply to Raphael Gertz from comment #46)
> I don't know how to fix stuntrally and irrlamb, both fails at link time:
> https://github.com/stuntrally/stuntrally/issues/107
> (they seems to use hardcoded float values where double should be used)

It seems -DBT_USE_DOUBLE_PRECISION don't get passed correctly by cmake.
Comment 48 Raphael Gertz 2022-12-09 08:01:59 CET
Hi,

I updated stuntrally to version 2.6.2, irrlamb and vdrift are fixed for bullet double precision too.

You may be able to drop these susmentioned packages:
openscreengraph34
lib64openthreads20

Best regards
Comment 49 Chris Denice 2022-12-10 16:14:34 CET
Well done Raphael!
Comment 50 Morgan Leijström 2022-12-30 17:57:37 CET
zfs-fuse?
https://bugs.mageia.org/show_bug.cgi?id=17245#c17
Comment 51 Dave Hodgins 2023-01-21 06:43:16 CET
Another one to obsolete as per bug 3659 from 2012
invictus-firewall

As per discussion on qa discuss ml it still causes problems if installed.
Comment 52 Morgan Leijström 2023-02-10 09:25:01 CET
ogmrip is dead upstream and broken in other distros and in mga8 and cauldron despite trying to fix it

https://bugs.mageia.org/show_bug.cgi?id=28683#c19
Morgan Leijström 2023-02-10 09:26:38 CET

Depends on: (none) => 28683

David Walser 2023-02-14 16:10:41 CET

Depends on: (none) => 31546

Comment 53 David Walser 2023-02-14 16:11:23 CET
Added unarj (Bug 31546).  Unfixed security issues and should be obsoleted by arj apparently.
Comment 54 Morgan Leijström 2023-02-20 18:47:48 CET
Anki: can no longer be built, and the old version is not compatible with the sync service

https://bugs.mageia.org/show_bug.cgi?id=30841#c3

Depends on: (none) => 30841

Comment 55 Morgan Leijström 2023-03-17 21:21:20 CET
Fritzing now works on cauldron / mga9; do not drop.

Depends on: 18689 => (none)

David Walser 2023-04-06 18:56:45 CEST

Depends on: (none) => 29771

David Walser 2023-04-06 19:28:29 CEST

Depends on: (none) => 28885

katnatek 2023-04-07 01:37:43 CEST

Depends on: (none) => 31773

katnatek 2023-04-07 02:02:42 CEST

Depends on: (none) => 31774

Morgan Leijström 2023-05-03 10:02:07 CEST

Depends on: (none) => 31694

Comment 56 Lewis Smith 2023-05-03 20:50:10 CEST
Re the previous comment,
 https://bugs.mageia.org/show_bug.cgi?id=31694#c2
"Because eclipse was removed from Cauldron, openjfx and openjfx8 cannot be built anymore.  I think the best thing to do is to drop both."
so recording here the need to drop both packages.
David Walser 2023-05-04 17:11:17 CEST

Depends on: (none) => 31867

Comment 57 Lewis Smith 2023-05-04 20:13:28 CEST
From bug 31867 noted above, here are the packages to drop listed, hopefully in alpabetic order:
libdmx
liblbxutil
liboldx
libxevie
libxfontcache
libxp
libxtrap
libxxf86misc
x11-driver-input-fpit
x11-driver-input-hyperpen
x11-driver-input-mutouch
x11-driver-input-penmount
x11-font-bitstream-speedo
xfindproxy
xfwp
xrx
xsetmode
Comment 58 David GEIGER 2023-05-22 16:08:38 CEST
ogmrip now removed from Cauldron Core and Tainted repo!

CC: (none) => geiger.david68210

Nicolas Salguero 2023-06-07 14:21:23 CEST

Depends on: 31694 => (none)

Dave Hodgins 2023-06-14 23:28:04 CEST

Depends on: 28791 => (none)

David Walser 2023-06-15 23:42:18 CEST

Depends on: (none) => 32018

Comment 59 Nicolas Lécureuil 2023-06-19 00:57:30 CEST
can we have an updated list of the packages to drop ?

CC: (none) => mageia

Comment 60 Lewis Smith 2023-06-19 21:35:40 CEST
Well, this is a list from perusing this bug, with no guarantee of its validity. Up to others to point up errors.
I have NOT shown packages which were commented to be dropped, but re-instated in later comments.

comment 1 : lightspark-mozilla-plugin-0.8.5-2.mga9 ? [See also comment 6]
Flashplayer

comment 2 : firefox-ext-mozvoikko-2.0.1-11.mga9

comment 3 : mozilla-plugin-aliedit-1.0.3.20-9.mga8

comment 6 : qca2 and the things built against it (kdelibs4, kdebase4-runtime, kde4-kactivities, qutim)
telldus-core [See also comment 8, comment 9]

comment 7 : openssl 1.1.1 ? [There is an open nVidia bug about this:
https://bugs.mageia.org/show_bug.cgi?id=32022]

comment 10 : pm-utils

comment 11 : python-vatnumber
python-speaklater-1.3-14.mga9, required by python3-flask-babelex
python-anyjson
python-flask-script

comment 12 : wmebcam

comment 13 : fwupdate

comment 14 : chirp
cambozola

comment 15 : zygrib

comment 16 : qt-mobility

comment 17 : Sugar desktop ?

comment 18 : acoustid-fingerprinter

comment 19 : vbindiff ? [countermanded to keep comment 21]

comment 20 : gnucap ?

comment 23 : Nextcloud server ? [See also comments 24, 25, 26, 27]

comment 30 : dhcp-4.4.3P1-1.mga9.src.rpm

comment 31 : Banshee
Brasero

comment 32 : nrpe
perl-Net-IPv4Addr
qtwebkit/wkhtmltopdf
tmate

comment 33 : quictls [See also comment 36, comment 38, comment 39]

comment 34 : nbd

comment 35 : tmate

comment 37 : python-flask-security

comment 41 : transcode

comment 42 : notification-daemon (Gnome)

comment 43 : vino

comment 44 : gnome-shell-extension-topicons

comment 45 : openscreengraph34
lib64openthreads20 [see also for both comment 46, comment 48]

comment 50 : zfs-fuse ?

comment 51 : invictus-firewall

comment 52 : ogmrip

comment 53 : unarj

comment 54 : Anki

comment 56 : openjfx
openjfx8

comment 57 : libdmx
liblbxutil
liboldx
libxevie
libxfontcache
libxp
libxtrap
libxxf86misc
x11-driver-input-fpit
x11-driver-input-hyperpen
x11-driver-input-mutouch
x11-driver-input-penmount
x11-font-bitstream-speedo
xfindproxy
xfwp
xrx
xsetmode
Comment 61 David Walser 2023-06-19 21:56:55 CEST
I don't think a valid reason was given for dropping lightspark.  unarj was already replaced.  I think openjfx was fixed?  Also, don't forget the "depends on" bugs, which don't all have an associated comment in this bug.
Nicolas Lécureuil 2023-06-19 23:41:09 CEST

Depends on: 32018 => (none)

Comment 62 Raphael Gertz 2023-06-20 01:39:43 CEST
Quictls #31066 conflict with openssl bug has been fixed, it's patchset is in sync with openssl 3.0.9.

QUIC implementation is not expected in openssl until version 3.4 : https://www.openssl.org/roadmap.html

This library is required to rebuild haproxy with optional and disabled by default quic feature.
Comment 63 David Walser 2023-06-20 02:43:00 CEST
If it's optional can't it be built without it?
Comment 64 Raphael Gertz 2023-06-20 05:02:48 CEST
(In reply to David Walser from comment #63)
> If it's optional can't it be built without it ?

By default it's builded without.

The quictls library is a convenient optional dependency required to enable QUIC feature in haproxy and other network tools.

To enable bleeding edge protocol, it require a package rebuild with quic optional flag and uncomment related sections in config file.

rpmbuild -bb --with quic SPECS/haproxy.spec

It would be possible to add a similar quic option for the rest of the QUIC toolchain (curl/wget/etc) to have a easy way to get the features.

It is separated from openssl and package can't be build against it without patching build process to replace -lssl -lcrypto by -lcrypto-quic -lssl-quic at least.
Comment 65 David GEIGER 2023-06-20 07:23:54 CEST
Fixed/removed:

firefox-ext-mozvoikko
mozilla-plugin-aliedit
invictus-firewall
tmate
quvi
nrpe
perl-Net-IPv4Addr
anki
qca2
unarj
ogmrip
vino
gnome-shell-extension-topicons
transcode
pm-utils
libdmx
liblbxutil
liboldx
libxevie
libxfontcache
libxp
libxtrap
x11-driver-input-fpit
x11-driver-input-hyperpen
x11-driver-input-mutouch
x11-driver-input-penmount
x11-font-bitstream-speedo
xfindproxy
xfwp
xrx
xsetmode
python-flask-security
qt5-webkit
qt-mobility
acoustid-fingerprinter
python-vatnumber
zygrib
Comment 66 papoteur 2023-06-20 08:47:19 CEST
I removed pgadmin4. It is too complex to update because of fixed python modules, and more complex to maintain. Use upstream packages.
Comment 67 Nicolas Lécureuil 2023-06-20 09:57:55 CEST
openjfx
openjfx8 

Fixed too
Comment 68 David Walser 2023-06-20 13:02:08 CEST
TODO:
sugar desktop?
skopeo/buildah/podman
dhcp (its replacement needs to be packaged first)
libxxf86misc
quictls

anything else?
Comment 69 Nicolas Lécureuil 2023-06-20 14:52:54 CEST
i think we can remove sugar desktop. Nothing new in 2 yrs
Comment 70 Raphael Gertz 2023-06-20 15:11:20 CEST
(In reply to David Walser from comment #68)
> quictls

No David, quictls shoudn't be dropped, openssl will not support QUIC protocol until version 3.3, in years !

Did you take in consideration my comment #64 ???

Quictls bug #31066 was resolved, with other's time and help, to remove any conflict with openssl.

We don't seems to have a policy advocating to drop others library, be it a dependancy or simply optional:
https://wiki.mageia.org/en/Libraries_policy

Is there a real or political reason we should be made aware ?
https://github.com/haproxy/haproxy/issues/680#issuecomment-1433118828
Comment 71 David Walser 2023-06-20 15:19:49 CEST
You confirmed that it isn't required (and that someone would have to rebuild haproxy locally to use it).  We already previously decided we weren't going to support multiple openssl implementations when we dropped libressl.  Maybe you could put it in backports or something after Mageia 9 is branched.
Comment 72 David Walser 2023-06-20 15:20:42 CEST
We also should be looking here:
http://madb.mageia.org/tools/security

for unfixed security issues that haven't gotten any action, to see if there's anything else we can drop.
Comment 73 Raphael Gertz 2023-06-20 16:22:53 CEST
(In reply to David Walser from comment #71)
> You confirmed that it isn't required (and that someone would have to rebuild
> haproxy locally to use it).  We already previously decided we weren't going
> to support multiple openssl implementations when we dropped libressl.  Maybe
> you could put it in backports or something after Mageia 9 is branched.

I only find this bug report dating from mageia 6:
https://bugs.mageia.org/show_bug.cgi?id=17229

This was clearly a totaly different case, libressl would have replaced openssl in full and everything was to be rebuild against it.

I would have prefered to keep quictls in release and make it follow openssl patchset. It's not really a new version ported back in the distribution.

I will look into changing haproxy package to have haproxy-quicless (openssl) and haproxy-quic (quictls) as haproxy binary alternatives, this way user will have a simple choice to activate or disable quic feature, fine with it ?
Comment 74 David Walser 2023-06-21 05:27:43 CEST
We never tried to replace openssl with libressl.  We carried both packages for a bit, but it was not ideal.
Morgan Leijström 2023-06-24 22:22:11 CEST

Depends on: 28885 => (none)

Johnny A. Solbu 2023-06-26 17:38:11 CEST

CC: (none) => cooker

Comment 75 Morgan Leijström 2023-06-26 17:56:24 CEST
Open a new tracker bug for packages to be obsoleted before Mageia 10 release.

Summary: [TRACKER] Packages that need to be obsoleted => [TRACKER] Packages that need to be obsoleted for Mageia 9 release

Morgan Leijström 2023-07-20 09:35:40 CEST

Depends on: 30938 => (none)

Comment 76 Morgan Leijström 2023-07-20 11:39:51 CEST
(In reply to Morgan Leijström from comment #75)
> Open a new tracker bug for packages to be obsoleted before Mageia 10 release.

Bug 32127 - [TRACKER] Packages that need to be obsoleted for Mageia 10 release
Comment 77 Dave Hodgins 2023-08-25 02:51:20 CEST
Closing as no further changes will be made until updates for m9 start being
processed.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Morgan Leijström 2023-10-17 15:55:33 CEST

Depends on: 18706 => (none)

Morgan Leijström 2024-02-18 11:48:49 CET

Depends on: 31867 => (none)


Note You need to log in before you can comment on or make changes to this bug.