media-sound/teamspeak-server-bin-3.0.11.4 is out! :) eBuild renaming seems enough. === Server Release 3.0.11.4 24 august 2015 - fixed DOS vulnerability - fixed clients dropping with "convert error" - added some timing logs
Converting this version bump into a security bug
Will be this bumped? I am running the old renamed ebuild without any problems..
Would you like to proxy maintain this? https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers
(In reply to Pacho Ramos from comment #3) > Would you like to proxy maintain this? > https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers I've never done this before, but why not. I would be interested. What would be the next steps?
Well, proxy-maint are already CCed, you should attach here the updated ebuild to let them review... also, remember that usually blindly renames are not enough and you should review Changes between versions to see if something in the ebuild (new dependencies, new options to handle...) needs to be changed Thanks
(In reply to Conrad Kostecki from comment #4) > (In reply to Pacho Ramos from comment #3) > > Would you like to proxy maintain this? > > https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers > > I've never done this before, but why not. I would be interested. > What would be the next steps? First thing is you note pacho's comment about "usually blindly renames are not enough". Second thing you do is re-read it. Then I suggest you go through the tarballs with a fine tooth comb and re-check the bumped ebuild . In between i suggest you /j #gentoo-proxy-maintianers. Read the channel's title caption.
(In reply to Pacho Ramos from comment #5) > Well, proxy-maint are already CCed, you should attach here the updated > ebuild to let them review... also, remember that usually blindly renames are > not enough and you should review Changes between versions to see if > something in the ebuild (new dependencies, new options to handle...) needs > to be changed Hi Pacho, i understand, what you mean. I have already a couple of eBuilds, which I am updating in my local overlay. Mostly, this are packages, which are "maintainer-eeded". And I know, that not every update is just eBuild renaming etc.. Many thanks for your advise. (In reply to Ian Delaney from comment #6) > First thing is you note pacho's comment about "usually blindly renames are > not enough". Second thing you do is re-read it. Then I suggest you go > through the tarballs with a fine tooth comb and re-check the bumped ebuild Teamspeak itself writes, that this is only a hotfix and no new features or changes. The only addition, which I've made to the ebuild, is currently an printed advise after the installation/update to block older clients, as teamspeak recommends this for the new teamspeak client. See here: http://forum.teamspeak.com/showthread.php/120755-SECURITY-UPDATE-TeamSpeak-3-Client-3-0-18-1-is-Available > In between i suggest you /j #gentoo-proxy-maintianers. Read the channel's > title caption. I will do, thanks. Cheers Conrad
Created attachment 414690 [details] teamspeak-server-bin-3.0.11.4.ebuild
Created attachment 414692 [details, diff] teamspeak-server-bin-3.0.11.4.ebuild.diff
This package has a fetch restriction in place. Can you possibly acquire the tarballs and make them available so I can runtest?
(In reply to Ian Delaney from comment #10) > This package has a fetch restriction in place. Can you possibly acquire the > tarballs and make them available so I can runtest? http://dl.4players.de/ts/releases/3.0.11.4/teamspeak3-server_linux-amd64-3.0.11.4.tar.gz http://dl.4players.de/ts/releases/3.0.11.4/teamspeak3-server_linux-x86-3.0.11.4.tar.gz DIST teamspeak3-server_linux-amd64-3.0.11.4.tar.gz 5024057 SHA256 92123aff892740c88acc30a6e3e4df1615be44f9780acd396d663bac91323a40 SHA512 4e1d04e9943f02e1bc5042da0ee3cee3520a56eac9102c02ae6415e179a1daa4f8480c55eaa01c2c1d37a3c2bf6bd90b081131ea177a78f73ce2eddfb791224a WHIRLPOOL 19e1d3726d2782cca51495d6f7f034819596c3e04cacbd784c055b2baad03bf1aa92aa24223aa9f67f7ee5f1125c83556ed454bc9ceb62c14e0eb3166148c3f7 DIST teamspeak3-server_linux-x86-3.0.11.4.tar.gz 5178378 SHA256 ca25c53aaf61f2111ba425263cd782d1556b42d579607f5390268676645c8dd2 SHA512 6bb6edbb9f8e7b5aeadfae4e9e01da6be113348648cf307d92132eb1f9e6e09406c69ec5f2769b51a0cae17776899c99e0867963dd39a515f802e01dc285d8b3 WHIRLPOOL f5a5123c99ed41e1032d96a2396e3de1c957fb4dd12ec11407f28e8768325cfb85fb5314961b1e91a2c5d34ed7226d5df417d02fc50fc95d11e96b16312fba32 Or do you want, that I actually upload the *.tar.gz-packages here?
Tested ebuild + patch. Merge's wiht out warning or error.
Tested ebuild + patch. Merge's with out warning or error. Fetched the tarball myself
commit 3bc7c56b1612961669fb9e790e67295fb49e6b76 Author: Ian Delaney <idella4@gentoo.org> Date: Sat Oct 17 08:00:08 2015 +0800 media-sound/teamspeak-server-bin: bump to -3.0.11.4 Added new proxy maintainer C. Kosteki to metadata under proxy-maintainers herd, bump submitted via the gentoo bug, cross tested by user 'undersys', vulnerable version cleaned Gentoo bug: #559112 (Security bug) See Conrad Kostecki is set as proxy maintainer
Since 3.0.11.4 is in portage, should be this bug closed, as it's the only one release in portage?
(In reply to Conrad Kostecki from comment #15) > Since 3.0.11.4 is in portage, should be this bug closed, as it's the only > one release in portage? Yup. Proprietary software so no CVE followup through our usual channels and since it is not in stable no GLSA is needed for this.