Fedora has issued an advisory today (May 27): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/ Apparently Golang issues fixed in Bug 30362 required a rebuild for affected code.
In Mageia 8, running clash under strace (without golang installed) shows no attempt to lookup or load golang libraries. It is loading qt4 libraries, and basic tests are working.
CC: (none) => davidwhodgins
That's why it would need rebuilt. It would be using routines that are built into it at build time.
From https://svnweb.mageia.org/packages/updates/8/clash/current/SPECS/clash.spec?revision=1684229&view=markup 21 BuildRequires: qt4-devel 22 BuildRequires: pkgconfig(libming) 23 BuildRequires: desktop-file-utils No buildrequires for golang. As libming1 is a c library,I don't see any indication clash uses go in either build or runtime.
OK, it looks like these clash's are two different pieces of software. We should be dropping any remaining Qt4 applications that haven't been ported to Qt5.
Summary: clash needs to be rebuilt for golang security issues => clash is unmaintained Qt4 application that should be droppedBlocks: (none) => 30163
Version: 8 => Cauldron
clash dropped with task-obsolete-9-108.mga9. https://svnweb.mageia.org/packages?view=revision&revision=1951206
Status: NEW => RESOLVEDCC: (none) => geiger.david68210Resolution: (none) => FIXED