Probably quite early but we should start thinking about it. Or dropping stable keywords from the only multilib revdep :).
(In reply to Michał Górny from comment #0) > Or dropping stable keywords from the only multilib revdep :). What are you talking about?
(In reply to Davide Pesavento from comment #1) > (In reply to Michał Górny from comment #0) > > Or dropping stable keywords from the only multilib revdep :). > > What are you talking about? games-kids/crayon-physics is the only stable thing needing multilib Qt4. We can either stabilize Qt4 or drop stable keywords from it to make way for no-emul-linux-x86 stable systems.
It's clearly too early to stabilize 4.8.6-r1, plus there are known regressions. Please drop that package to ~arch. It should have never gone stable anyway.
(In reply to Davide Pesavento from comment #3) > It's clearly too early to stabilize 4.8.6-r1, plus there are known > regressions. > Please drop that package to ~arch. It should have never gone stable anyway. Just to be clear, it went stable using emul-linux-x86-qtlibs.
*** Bug 545026 has been marked as a duplicate of this bug. ***
*** Bug 545098 has been marked as a duplicate of this bug. ***
*** Bug 545100 has been marked as a duplicate of this bug. ***
I think at this point it's better to CC arches and proceed with the stabilization.
Arches, please test and mark stable: dev-qt/assistant-4.8.6-r1 dev-qt/designer-4.8.6-r1 dev-qt/linguist-4.8.6-r1 dev-qt/pixeltool-4.8.6-r1 dev-qt/qdbusviewer-4.8.6-r1 dev-qt/qt3support-4.8.6-r1 dev-qt/qtbearer-4.8.6-r1 dev-qt/qtcore-4.8.6-r2 dev-qt/qtdbus-4.8.6-r1 dev-qt/qtdeclarative-4.8.6-r1 dev-qt/qtdemo-4.8.6-r1 dev-qt/qtgui-4.8.6-r4 dev-qt/qthelp-4.8.6-r3 dev-qt/qtmultimedia-4.8.6-r1 dev-qt/qtopengl-4.8.6-r1 dev-qt/qtopenvg-4.8.6-r1 dev-qt/qtphonon-4.8.6-r1 dev-qt/qtscript-4.8.6-r2 dev-qt/qtsql-4.8.6-r1 dev-qt/qtsvg-4.8.6-r1 dev-qt/qttest-4.8.6-r1 dev-qt/qttranslations-4.8.6-r1 dev-qt/qtwebkit-4.8.6-r1 dev-qt/qtxmlpatterns-4.8.6-r1 Some ebuilds have not been keyworded on certain minor arches, so on those arches the specific ebuilds can be skipped.
Note that 4.8.6-r1 is especially important for amd64, because it introduces eclass-based multilib, and has multiple related fixes. Other arches may opt to wait until 4.8.7, which is expected to be released next week, and for which we will file a stable request within a month after release.
(In reply to Ben de Groot from comment #9) > Arches, please test and mark stable: > > dev-qt/assistant-4.8.6-r1 > dev-qt/designer-4.8.6-r1 > dev-qt/linguist-4.8.6-r1 > dev-qt/pixeltool-4.8.6-r1 > dev-qt/qdbusviewer-4.8.6-r1 > dev-qt/qt3support-4.8.6-r1 > dev-qt/qtbearer-4.8.6-r1 > dev-qt/qtcore-4.8.6-r2 > dev-qt/qtdbus-4.8.6-r1 > dev-qt/qtdeclarative-4.8.6-r1 > dev-qt/qtdemo-4.8.6-r1 > dev-qt/qtgui-4.8.6-r4 > dev-qt/qthelp-4.8.6-r3 > dev-qt/qtmultimedia-4.8.6-r1 > dev-qt/qtopengl-4.8.6-r1 > dev-qt/qtopenvg-4.8.6-r1 > dev-qt/qtphonon-4.8.6-r1 > dev-qt/qtscript-4.8.6-r2 > dev-qt/qtsql-4.8.6-r1 > dev-qt/qtsvg-4.8.6-r1 > dev-qt/qttest-4.8.6-r1 > dev-qt/qttranslations-4.8.6-r1 > dev-qt/qtwebkit-4.8.6-r1 > dev-qt/qtxmlpatterns-4.8.6-r1 > > Some ebuilds have not been keyworded on certain minor arches, so on those > arches the specific ebuilds can be skipped. ++ dev-qt/qtchooser
amd64 stable
x86 stable
Stable for HPPA PPC64.
ppc stable
CVE-2015-1860 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1860): Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted GIF image.
arm stable
Stable on alpha. Removed associated mask.
ia64 stable
sparc stable.
Awesome, that was the last arch therefore we can finally close this bug. Removal of the vulnerable version(s) will be handled in bug 546174.