On 2019-10-27 net-analyzer/zabbix was last rited for numerous issues. The same day it was unmasked: commit 19dd5997386e9e659591df87d1b6f6930058458e Author: Patrick Lauer <patrick@gentoo.org> AuthorDate: 2019-10-27 14:02:22 +0100 Commit: Patrick Lauer <patrick@gentoo.org> CommitDate: 2019-10-27 14:03:57 +0100 profiles/package.mask: drop zabbix mask Signed-off-by: Patrick Lauer <patrick@gentoo.org> However, the underlying issues (including security issues, that are confirmed not to be fixed) are still open. The maintainer has made exactly one commit to the package (on the same day), the co-maintainer hasn't done any commits. I'd like to propose that we last rite it again, and issue an official warning to Patrick that blocking package removal without actually fixing bugs / starting to maintain them is not acceptable.
QA, please vote on the following motion: --- net-analyzer/zabbix will be masked for security issues. If anyone wishes to unmask, he/she must at the very least resolve *all* security bugs and review the remaining bugs. Patrick Lauer is issued a warning not to unmask packages unless he is actually going to perform the necessary work. This applies both to zabbix and other packages masked in the future. ---
(In reply to Michał Górny from comment #1) > QA, please vote on the following motion: > > --- > net-analyzer/zabbix will be masked for security issues. If anyone wishes to > unmask, he/she must at the very least resolve *all* security bugs and review > the remaining bugs. > > Patrick Lauer is issued a warning not to unmask packages unless he is > actually going to perform the necessary work. This applies both to zabbix > and other packages masked in the future. > --- I vote yes
I vote yes. (Though I don't know why we must actually vote on this, the security team has the capacity to just mask the package.)
I vote yes.
jfyi, i'm working on fixing all the issues, have already something ready, just need to finetune it and test it.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9dd83ba9636be855abf97ac682cd55be731f0ce2 commit 9dd83ba9636be855abf97ac682cd55be731f0ce2 Author: Miroslav Šulc <fordfrog@gentoo.org> AuthorDate: 2020-02-28 15:01:10 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2020-02-28 15:02:00 +0000 net-analyzer/zabbix: bumps + security fixes + rewritten + removed obsolete 1) many changes and improvements 2) config directory and files are not writeable by zabbix 3) creation of pid file disabled in zabbix, using s-s-d instead Bug: https://bugs.gentoo.org/629882 Bug: https://bugs.gentoo.org/709926 Bug: https://bugs.gentoo.org/629884 Closes: https://bugs.gentoo.org/665960 Closes: https://bugs.gentoo.org/670652 Package-Manager: Portage-2.3.89, Repoman-2.3.20 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> net-analyzer/zabbix/Manifest | 10 +- net-analyzer/zabbix/files/2.2/init.d/zabbix-agentd | 28 - net-analyzer/zabbix/files/2.2/init.d/zabbix-proxy | 27 - net-analyzer/zabbix/files/2.2/init.d/zabbix-server | 26 - .../zabbix/files/2.2/patches/zbx7479.patch | 83 --- .../zabbix/files/2.2/patches/zbx8151.patch | 53 -- net-analyzer/zabbix/files/2.2/zabbix_agent.conf | 81 --- net-analyzer/zabbix/files/2.2/zabbix_agentd.conf | 278 --------- net-analyzer/zabbix/files/2.2/zabbix_proxy.conf | 519 ---------------- net-analyzer/zabbix/files/2.2/zabbix_server.conf | 546 ----------------- net-analyzer/zabbix/files/3.0/init.d/zabbix-agentd | 28 - net-analyzer/zabbix/files/3.0/init.d/zabbix-proxy | 27 - net-analyzer/zabbix/files/3.0/init.d/zabbix-server | 26 - net-analyzer/zabbix/files/3.0/zabbix_agent.conf | 81 --- net-analyzer/zabbix/files/3.0/zabbix_agentd.conf | 390 ------------ net-analyzer/zabbix/files/3.0/zabbix_proxy.conf | 674 --------------------- net-analyzer/zabbix/files/3.0/zabbix_server.conf | 635 ------------------- .../zabbix/files/zabbix-3.0.30-mysql8.patch | 17 + .../zabbix-3.0.30-security-disable-PidFile.patch | 49 ++ ...fix.patch => zabbix-4.0.18-modulepathfix.patch} | 0 .../zabbix-4.0.18-security-disable-PidFile.patch | 49 ++ net-analyzer/zabbix/files/zabbix-agentd.init | 20 + net-analyzer/zabbix/files/zabbix-agentd.service | 10 +- .../zabbix-jmx-proxy => zabbix-jmx-proxy.conf} | 0 .../zabbix-jmx-proxy => zabbix-jmx-proxy.init} | 0 net-analyzer/zabbix/files/zabbix-proxy.init | 20 + net-analyzer/zabbix/files/zabbix-proxy.service | 8 +- net-analyzer/zabbix/files/zabbix-server.init | 19 + net-analyzer/zabbix/files/zabbix-server.service | 11 +- net-analyzer/zabbix/zabbix-2.2.16-r1.ebuild | 340 ----------- net-analyzer/zabbix/zabbix-3.0.28.ebuild | 330 ---------- .../{zabbix-3.4.15.ebuild => zabbix-3.0.30.ebuild} | 204 ++++--- net-analyzer/zabbix/zabbix-4.0.13.ebuild | 332 ---------- .../{zabbix-4.2.7.ebuild => zabbix-4.0.18.ebuild} | 207 ++++--- net-analyzer/zabbix/zabbix-4.4.0-r1.ebuild | 333 ---------- .../{zabbix-4.4.5.ebuild => zabbix-4.4.6.ebuild} | 204 ++++--- 36 files changed, 523 insertions(+), 5142 deletions(-)
waiting for review of the security issues, if all is ok will unmask...
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c13d1a00d3372475df99db6c23a90ad0294a3252 commit c13d1a00d3372475df99db6c23a90ad0294a3252 Author: Miroslav Šulc <fordfrog@gentoo.org> AuthorDate: 2020-03-20 10:08:47 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2020-03-20 10:09:02 +0000 package.mask: unmasked net-analyzer/zabbix Bug: https://bugs.gentoo.org/629882 Bug: https://bugs.gentoo.org/629884 Bug: https://bugs.gentoo.org/709926 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> profiles/package.mask | 7 ------- 1 file changed, 7 deletions(-)
maybe it's a time to close this one?
this has been fixed long ago