Bug 30486 - clash is unmaintained Qt4 application that should be dropped
Summary: clash is unmaintained Qt4 application that should be dropped
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Matteo Pasotti
QA Contact: Sec team
Depends on:
Blocks: 30163
  Show dependency treegraph
Reported: 2022-05-27 13:30 CEST by David Walser
Modified: 2023-04-02 08:12 CEST (History)
2 users (show)

See Also:
Source RPM: clash-0.4.5-13.mga8.src.rpm
Status comment:


Description David Walser 2022-05-27 13:30:09 CEST
Fedora has issued an advisory today (May 27):

Apparently Golang issues fixed in Bug 30362 required a rebuild for affected code.
Comment 1 Dave Hodgins 2022-05-27 19:00:42 CEST
In Mageia 8, running clash under strace (without golang installed) shows no
attempt to lookup or load golang libraries. It is loading qt4 libraries, and
basic tests are working.

CC: (none) => davidwhodgins

Comment 2 David Walser 2022-05-27 19:25:34 CEST
That's why it would need rebuilt.  It would be using routines that are built into it at build time.
Comment 3 Dave Hodgins 2022-05-27 20:38:52 CEST
From https://svnweb.mageia.org/packages/updates/8/clash/current/SPECS/clash.spec?revision=1684229&view=markup
21	BuildRequires:  qt4-devel
22	BuildRequires:  pkgconfig(libming)
23	BuildRequires:  desktop-file-utils

No buildrequires for golang. As libming1 is a c library,I don't see any
indication clash uses go in either build or runtime.
Comment 4 David Walser 2022-05-27 20:42:40 CEST
OK, it looks like these clash's are two different pieces of software.  We should be dropping any remaining Qt4 applications that haven't been ported to Qt5.

Summary: clash needs to be rebuilt for golang security issues => clash is unmaintained Qt4 application that should be dropped
Blocks: (none) => 30163

Dave Hodgins 2022-05-27 20:53:46 CEST

Version: 8 => Cauldron

Comment 5 David GEIGER 2023-04-02 08:12:58 CEST
clash dropped with task-obsolete-9-108.mga9.


CC: (none) => geiger.david68210
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.