Bug 31867 - X.org unmaintained packages need to be dropped
Summary: X.org unmaintained packages need to be dropped
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: release_blocker normal
Target Milestone: Mageia 9
Assignee: All Packagers
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 30163
  Show dependency treegraph
 
Reported: 2023-05-04 17:10 CEST by David Walser
Modified: 2023-05-04 20:16 CEST (History)
0 users

See Also:
Source RPM: xfindproxy, libxfontcache, xfwp, xsetpointer, libxkbui, libxxf86misc, libdmx, liboldx, xsetmode, libxevie, libxtrap, x11-font-bitstream-speedo, xrx, libxp, liblbxutil, x11-driver-input-{mutouch,fpit,hyperpen,penmount}
CVE:
Status comment:


Attachments

Description David Walser 2023-05-04 17:10:58 CEST
X.org has announced several packages that they are no longer maintaining, which we should be dropping:
https://www.openwall.com/lists/oss-security/2023/05/02/3

I believe I got all of them listed in the Source RPM field, here they are with versions:
xfindproxy-1.0.4-4.mga9.src.rpm, libxfontcache-1.0.5-14.mga9.src.rpm, xfwp-1.0.3-8.mga9.src.rpm, xsetpointer-1.0.1-15.mga9.src.rpm, libxkbui-1.0.2-19.mga9.src.rpm, libxxf86misc-1.0.4-4.mga9.src.rpm, libdmx-1.1.4-4.mga9.src.rpm, liboldx-1.0.1-19.mga9.src.rpm, xsetmode-1.0.0-18.mga9.src.rpm, libxevie-1.0.3-13.mga9.src.rpm, libxtrap-1.0.1-10.mga9.src.rpm, x11-font-bitstream-speedo-1.0.2-10.mga9.src.rpm, xrx-1.0.4-10.mga9.src.rpm, libxp-1.0.4-1.mga9.src.rpm, liblbxutil-1.1.0-13.mga9.src.rpm, x11-driver-input-mutouch-1.3.0-28.mga9.src.rpm, x11-driver-input-fpit-1.4.0-27.mga9.src.rpm, x11-driver-input-hyperpen-1.4.1-33.mga9.src.rpm, x11-driver-input-penmount-1.5.0-27.mga9.src.rpm

We'll have to be careful, as some of them are currently required by other packages.
David Walser 2023-05-04 17:11:17 CEST

Target Milestone: --- => Mageia 9
Priority: Normal => release_blocker
Blocks: (none) => 30163

Comment 1 Lewis Smith 2023-05-04 20:16:07 CEST
Here are the packages to drop listed, hopefully in alphabetic order:
libdmx
liblbxutil
liboldx
libxevie
libxfontcache
libxp
libxtrap
libxxf86misc
x11-driver-input-fpit
x11-driver-input-hyperpen
x11-driver-input-mutouch
x11-driver-input-penmount
x11-font-bitstream-speedo
xfindproxy
xfwp
xrx
xsetmode

Inevitably assigning this globally, but it might need more than one packager to do it all - especially as
"some of them are currently required by other packages".

Assignee: bugsquad => pkg-bugs


Note You need to log in before you can comment on or make changes to this bug.