Please remove the following ebuilds as they are vulnerable to GLSA 200802-08 ( http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml ) : =dev-libs/boost-1.33.1-r1 Note that other (unstable) atoms might be missing from this list that are vulnerable to the same GLSA. Please remove those as well.
+ 29 Jul 2009; Jeremy Olexa <darkside@gentoo.org> boost-1.33.1-r1.ebuild: + Remove keywords from boost-1.33.1-r1.ebuild except ~x86-fbsd because it is + vulnerable, bug 271712 @bsd: You have no other working boosts that you can keyword???
(In reply to comment #1) > + 29 Jul 2009; Jeremy Olexa <darkside@gentoo.org> boost-1.33.1-r1.ebuild: > + Remove keywords from boost-1.33.1-r1.ebuild except ~x86-fbsd because it is > + vulnerable, bug 271712 > > @bsd: You have no other working boosts that you can keyword??? no, because of bug #272086 ...
bsd, do you see the same errors on 1.35.0-r2? The bug report seems specific to 1.37.0-r1.
(In reply to comment #3) > bsd, do you see the same errors on 1.35.0-r2? The bug report seems specific to > 1.37.0-r1. Do we really want to bother with ancient boost? Bug #272086 should be fixed anyway and, I haven't tried for a while but, I recall not being able to compile any boost version besides the one keyworded (if I remember correctly the error was different). I can check again but this sounds more boost maintainers slacking and not fixing their bugs than a real problem thus I fail to see why I should spend hours backporting fixes to 1.35.
1.35 is the current stable so I thought I'd ask. If time does not allow it, waiting for boost maintainers sounds like the most future-proof option
as far as bsd is concerned, you can go ahead, i just keyworded latest boost. without much testing though, but it cant be worse.
Done: ------------------------------------------------------------------------------ Remove dev-libs/boost-1.33.1-r1 and related files (#271712). (Portage version: 2.1.6.13/cvs/Linux x86_64) ------------------------------------------------------------------------------ /var/cvsroot/gentoo-x86/dev-libs/boost/metadata.xml,v <-- metadata.xml new revision: 1.11; previous revision: 1.10 /var/cvsroot/gentoo-x86/dev-libs/boost/ChangeLog,v <-- ChangeLog new revision: 1.182; previous revision: 1.181 /var/cvsroot/gentoo-x86/dev-libs/boost/boost-1.33.1-r1.ebuild,v <-- boost-1.33.1-r1.ebuild new revision: delete; previous revision: 1.22 /var/cvsroot/gentoo-x86/dev-libs/boost/files/boost-alpha-threads.patch,v <-- files/boost-alpha-threads.patch new revision: delete; previous revision: 1.1 /var/cvsroot/gentoo-x86/dev-libs/boost/files/boost-1.33.1-gcc41_visit_each.patch,v <-- files/boost-1.33.1-gcc41_visit_each.patch new revision: delete; previous revision: 1.1 /var/cvsroot/gentoo-x86/dev-libs/boost/Manifest,v <-- Manifest new revision: 1.239; previous revision: 1.238