Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 476172

Summary: dev-scheme/chicken-4.8.0.3-r1: stabilization request
Product: Gentoo Linux Reporter: Michael Weber (RETIRED) <xmw>
Component: [OLD] Keywording and StabilizationAssignee: erik falor <ewfalor>
Status: RESOLVED FIXED    
Severity: normal CC: maksbotan, proxy-maint, scheme, security
Priority: Normal Keywords: STABLEREQ
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 462458, 467966, 469392    

Description Michael Weber (RETIRED) gentoo-dev 2013-07-08 13:47:07 UTC 
Hello,

I've added the CVE patches for the .scm files and created a tarball with the resulting .c files. Otherwise build system would try to generate these with "chicken" which is not yet available during initial install.

Please remove the PMASK if you approve and mask/remove all older versions.
I don't want to stand responsible for this situation with known but ignored security issues.

Michael
Comment 1 Michael Weber (RETIRED) gentoo-dev 2013-07-08 13:47:55 UTC 
+*chicken-4.8.0.3-r1 (08 Jul 2013)
+             
+  08 Jul 2013; Michael Weber <xmw@gentoo.org> +chicken-4.8.0.3-r1.ebuild,
+  +files/chicken-4.8.0.3-CVE-2013-1874.patch,
+  +files/chicken-4.8.0.3-CVE-2013-2024.patch,
+  +files/chicken-4.8.0.3-CVE-2013-2075_1.patch,
+  +files/chicken-4.8.0.3-CVE-2013-2075_2.patch:
+  Revbump to include security patches (bugs 462458, 469392, 467966)
+
Comment 2 erik falor 2013-07-08 23:12:16 UTC 
Thanks for the patches, Michael.  I'm checking this out even now.
Comment 3 erik falor 2013-07-09 04:28:33 UTC 
I have compared these patches with upstream's git repo.  They look good and build clean.
Comment 4 Chris Reffett (RETIRED) gentoo-dev Security 2013-07-09 10:39:47 UTC 
Uh, not fixed yet. Now we ask the arch teams to stabilize it. Arches, please stabilize =dev-scheme/chicken-4.8.0.3-r1, target arches alpha amd64 ppc ppc64 x86. Thanks!
Comment 5 Agostino Sarubbo gentoo-dev 2013-07-13 06:51:24 UTC 
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-07-13 06:51:44 UTC 
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-07-13 17:59:21 UTC 
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2013-07-13 19:12:26 UTC 
ppc64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-07-14 14:18:43 UTC 
alpha stable. Last arch, closing