commit: 1029e7bca66676be009d086091823465f107bd2e Author: Göktürk Yüksek <gokturk <AT> gentoo <DOT> org> AuthorDate: Wed Nov 8 23:55:59 2017 +0000 Commit: Göktürk Yüksek <gokturk <AT> gentoo <DOT> org> CommitDate: Wed Nov 8 23:55:59 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1029e7bc
app-forensics/sleuthkit: remove vulnerable version 4.4.2 #629352 This version is vulnerable to the following CVEs: CVE-2017-13755, CVE-2017-13756, CVE-2017-13760 Bug: https://bugs.gentoo.org/629352 Package-Manager: Portage-2.3.8, Repoman-2.3.2 app-forensics/sleuthkit/Manifest | 1 - app-forensics/sleuthkit/sleuthkit-4.4.2.ebuild | 175 ------------------------- 2 files changed, 176 deletions(-) diff --git a/app-forensics/sleuthkit/Manifest b/app-forensics/sleuthkit/Manifest index c885af37b03..a61fcbd960e 100644 --- a/app-forensics/sleuthkit/Manifest +++ b/app-forensics/sleuthkit/Manifest @@ -2,6 +2,5 @@ DIST sleuthkit-4.0.2.tar.gz 7577570 SHA256 112f80fbc6a868c18c7a924f756b35c79eed9 DIST sleuthkit-4.1.0.tar.gz 7974564 SHA256 b410428df2e1b253fa23ce6a299d059d8c2650bf9c602f7b80c0f4ce1368c36a SHA512 1cfa96bd3746c59c92c3e3f07f5f3f0f6896239bcaec012c43958654bb63794ecf9d7bd28bb9b4ab939558f4b27f03cd87f645ea91a8f9cfbb9037df93ef5223 WHIRLPOOL 20856982b77ecbdd1ed3b7c147e4340461830f0238ba7cdc17da3159f5a666df5b3d490760699d25d2896289c811f615ffb4160d163f9917f09e57a37ff26a21 DIST sleuthkit-4.1.2.tar.gz 7990136 SHA256 58253b35c016083558fb581308f4a3baf884229de89eb84ddbfb977ed56600d3 SHA512 1f64acf42e86adf275bcd86c63c097210a498ac34ce69e64b3c120d86dffae65b5d57ed9618692dd510f637e940a48a60912dd57c8de840bf3a2b4428baabab8 WHIRLPOOL 1298a345416bec11564007c41474010cbddc26289aee025f31ecd2b7069f0d16ca81eeb07a292e38d91d6b34c3a891fad8a2f4b42bfd4df96053469d25dc8c65 DIST sleuthkit-4.1.3.tar.gz 7952733 SHA256 67f9d2a31a8884d58698d6122fc1a1bfa9bf238582bde2b49228ec9b899f0327 SHA512 66f6ac32da5a21b3505390557ed6cf7bbcfcca69f231e20a7086fd48c5de45a3f064a716837d25eb582d0a89bae3b6ba7e89dcf3159e1cacdb4b5d452d0ce9a2 WHIRLPOOL 34d59163812d5e2b135d6d3a05bc9bed2f2739ab47bd77ed25ee3162eaf7389fec40a7b187745ef65b9596877399884d3081f2f4549fc0c4390382ec247174bc -DIST sleuthkit-4.4.2.tar.gz 8572974 SHA256 135964463f4b0a58fcd95fdf731881fcd6f2f227eeb8ffac004880c8e4d8dd53 SHA512 970704c0e650b54df49d92f7a5c82d1c8cd37f589bf1a90ba5df6b3cd26a4e3676fbbbf58a176eeb002cdefbd33fb1fc057b11256b4a3cf1b8f782beb618a1de WHIRLPOOL 8f68e2360d8ad82912898f7e07c4620183f4e19a40b5193966815dca7efa139cf00802d54303164e9c2a5364e5af3bfe4da937869deb615760fb70fba4ddce87 DIST sleuthkit-4.5.0.tar.gz 8611141 SHA256 f74eb16e717598056a5664ae842d8acd276acfc340e8ebbd87d0948167e789ac SHA512 911890cacca739f121681514197104cb2dc3bd219f3e068c4ce61264498c56989359976fc75172e1f456c94e4e25c6206413b0234c36e55736a577b8e664e4b3 WHIRLPOOL 6fd18e7a3a0c31b81061ea4a1b9d15b6481dc84e3168ab9d393a3055290dbba5867b57ba053fbe1f8263b1973bcec961f5e90e84eff987ec49404449ebc111fd DIST sqlite-jdbc-3.8.11.jar 5131732 SHA256 0e36f2ec132dd67ecaeecc98bb17e5c215a077991e2a068a490d954b1bf2de8d SHA512 5f4705101992e8916e29742c560aef0d01eba9dc0d2d984b75a77e56be3c9fd20b284390fe8f9bb54bf9d1f8528c3413922684c446212ca8961ac731543fb179 WHIRLPOOL e8e34e10821e308dbd16cfecf1a332a60d8b34067f48fdc8adebc07fd1cb578a1f921fe57db4ac02d4fe11699a6a96a06543817027fe173852fda8ff3d625cce diff --git a/app-forensics/sleuthkit/sleuthkit-4.4.2.ebuild b/app-forensics/sleuthkit/sleuthkit-4.4.2.ebuild deleted file mode 100644 index adf6fcbf46e..00000000000 --- a/app-forensics/sleuthkit/sleuthkit-4.4.2.ebuild +++ /dev/null @@ -1,175 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -JAVA_PKG_BSFIX_NAME="build.xml build-unix.xml" -inherit autotools java-pkg-opt-2 java-ant-2 - -DESCRIPTION="A collection of file system and media management forensic analysis tools" -HOMEPAGE="https://www.sleuthkit.org/sleuthkit/"; -# TODO: sqlite-jdbc does not exist in the tree, we bundle it for now -SRC_URI="https://github.com/${PN}/${PN}/releases/download/${P}/${P}.tar.gz - java? ( http://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.8.11/sqlite-jdbc-3.8.11.jar )" - -LICENSE="CPL-1.0 GPL-2+ IBM java? ( Apache-2.0 )" -SLOT="0/13" # subslot = major soname version -KEYWORDS="~amd64 ~hppa ~ppc ~x86" -IUSE="aff doc ewf java static-libs test +threads zlib" - -DEPEND=" - dev-db/sqlite:3 - dev-lang/perl:* - aff? ( app-forensics/afflib ) - ewf? ( app-forensics/libewf:= ) - java? ( - >=virtual/jdk-1.8:* - >=dev-java/c3p0-0.9.5:0 - >=dev-java/jdbc-postgresql-9.4:0 - ) - zlib? ( sys-libs/zlib ) -" -RDEPEND="${DEPEND} - java? ( >=virtual/jre-1.8:= ) -" -DEPEND="${DEPEND} - doc? ( app-doc/doxygen ) - test? ( >=dev-util/cppunit-1.2.1 ) -" - -PATCHES=( - "${FILESDIR}"/${PN}-4.1.0-tools-shared-libs.patch - "${FILESDIR}"/${PN}-4.4.2-c89-fix.patch -) - -TSK_JAR_DIR="${S}/bindings/java/lib" - -src_unpack() { - local f - - unpack ${P}.tar.gz - - # Copy the jar files that don't exist in the tree yet - if use java; then - mkdir "${TSK_JAR_DIR}" || die - for f in ${A}; do - if [[ ${f} =~ .jar$ ]]; then - cp "${DISTDIR}"/"${f}" "${TSK_JAR_DIR}" || die - fi - done - fi -} - -src_prepare() { - if use java; then - pushd "${S}"/bindings/java &>/dev/null || die - - # Prevent "make install" from installing - # jar files under /usr/share/java - # We'll use the java eclasses for this - sed -e '/^jar_DATA/ d;' -i Makefile.am || die - - # Disable dependency retrieval using ivy - # We will handle it ourselves - sed -e '/name="compile"/ s/, retrieve-deps//' \ - -e '/name="dist-/ s/, init-ivy//g' \ - -i build.xml || die - - # Even if static libs are disabled, the build system looks for - # the static library and fails if not present - # Disable that check - use static-libs || sed -e '/<fail unless="present" message="JNI/ d;' \ - -i build-unix.xml || die - - java-pkg-opt-2_src_prepare - - popd &>/dev/null || die - fi - - # Override the doxygen output directories - if use doc; then - sed -e "/^OUTPUT_DIRECTORY/ s|=.*$|= ${T}/doc|" \ - -i tsk/docs/Doxyfile \ - -i bindings/java/doxygen/Doxyfile || die - fi - - # It's safe to call this even after java-pkg-opt-2_src_prepare - # because future calls to eapply_user do nothing and return 0 - default - - eautoreconf -} - -src_configure() { - local myeconfargs=( - $(use_enable java) - $(use_enable static-libs static) - $(use_enable threads multithreading) - $(use_with aff afflib) - $(use_with ewf libewf) - $(use_with zlib) - ) - - if use java; then - pushd "${S}"/bindings/java &>/dev/null || die - java-ant-2_src_configure - popd &>/dev/null || die - fi - - econf "${myeconfargs[@]}" -} - -src_compile() { - # Create symlinks of jars for the required dependencies - if use java; then - pushd "${S}"/bindings/java &>/dev/null || die - - java-pkg_jar-from --into "${TSK_JAR_DIR}" c3p0 - java-pkg_jar-from --into "${TSK_JAR_DIR}" jdbc-postgresql - - popd &>/dev/null || die - fi - - # Create the doc output dirs if requested - if use doc; then - mkdir -p "${T}"/doc/{api-docs,jni-docs} || die - fi - - emake all $(usex doc api-docs "") -} - -src_install() { - local f - - if use java; then - pushd "${S}"/bindings/java &>/dev/null || die - - java-pkg_dojar dist/Tsk_DataModel.jar - - # Install the bundled jar files - pushd "${TSK_JAR_DIR}" &>/dev/null || die - for f in *; do - # Skip the symlinks java-pkg_jar-from created - [[ -f ${f} ]] || continue - - # Strip the version numbers as per eclass recommendation - [[ ${f} =~ -([0-9].)+.jar$ ]] || continue - - java-pkg_newjar "${f}" "${f/${BASH_REMATCH[0]}/.jar}" - done - popd &>/dev/null || die - - popd &>/dev/null || die - fi - - default - - # It unconditionally builds both api and jni docs - # We install conditionally based on the provided use flags - if use doc; then - dodoc -r "${T}"/doc/api-docs - use java && dodoc -r "${T}"/doc/jni-docs - fi - - find "${D}" -name '*.la' -delete || die -}
