Bug 818718 - dev-ruby/bundler-2.2.25: security stabilization
Summary: dev-ruby/bundler-2.2.25: security stabilization
Status: RESOLVED DUPLICATE of bug 890915
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Stabilization
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Ruby Team
URL:
Whiteboard:
Keywords: SECURITY
Depends on: 789957
Blocks:
Reported: 2021-10-17 16:38 UTC by John Helmert III
Modified: 2023-02-18 16:14 UTC

See Also:
Package list:
dev-ruby/bundler-2.2.25 *
Runtime testing required: ---
nattka: sanity-check+


Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-17 16:38:32 UTC
Please stabilize, thanks!
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-10-17 19:10:13 UTC
sparc done
Comment 2 Hans de Graaff gentoo-dev Security 2021-10-18 13:33:27 UTC
We cannot mark this version stable without further investigation of already pending bundler issues.

Not sure why you didn't follow normal process on this?
Comment 3 NATTkA bot gentoo-dev 2021-10-18 13:36:23 UTC Comment hidden (obsolete)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-18 14:05:48 UTC
(In reply to Hans de Graaff from comment #2)
> We cannot mark this version stable without further investigation of already
> pending bundler issues.

What bugs, so we can depend on them here?

> Not sure why you didn't follow normal process on this?

I asked for stabilization in June, and got zero response. I don't see any obvious bugs open for bundler-2.2.18, so I went ahead with stabilization since we have a pending security bug.
Comment 5 Hans de Graaff gentoo-dev Security 2021-10-23 06:57:03 UTC
(In reply to John Helmert III from comment #4)
> (In reply to Hans de Graaff from comment #2)
> > We cannot mark this version stable without further investigation of already
> > pending bundler issues.
> 
> What bugs, so we can depend on them here?
> 
> > Not sure why you didn't follow normal process on this?
> 
> I asked for stabilization in June, and got zero response. I don't see any
> obvious bugs open for bundler-2.2.18, so I went ahead with stabilization
> since we have a pending security bug.

I'll try to sort this out this weekend.
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-23 12:18:37 UTC
(In reply to Hans de Graaff from comment #5)
> I'll try to sort this out this weekend.

Thanks!
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-27 01:15:38 UTC
Need 2.2.33 for newer bug.
Comment 8 Jack 2022-11-15 18:13:35 UTC
It appears there is a 2.3.25 version, but portage only has 2.3.8-r1.  Is there any point in targeting a newer version?
Comment 9 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-15 18:33:55 UTC
(In reply to Jack from comment #8)
> It appears there is a 2.3.25 version, but portage only has 2.3.8-r1.  Is
> there any point in targeting a newer version?

Yes, we need a fixed stable version. Ping ruby@.
Comment 10 Hans de Graaff gentoo-dev Security 2022-11-18 12:45:29 UTC
(In reply to Jack from comment #8)
> It appears there is a 2.3.25 version, but portage only has 2.3.8-r1.  Is
> there any point in targeting a newer version?

Normally rubygems versions (to which bundler is now linked) match up with dev-lang/ruby versions, so I'd rather not just pick a newer version.

Unfortunately I haven't made a lot of headway with the issues mentioned earlier and I won't be able to work on this until next week.
Comment 11 Jack 2023-02-13 22:57:14 UTC
Does this need a subject change or closing?  2.2.33-r1 is marked stable and there are 2.3 and 2.4 versions marked testing.
Comment 12 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-02-18 16:14:00 UTC

*** This bug has been marked as a duplicate of bug 890915 ***