| Summary: | [Tracking] dev-libs/libgcrypt 1.5 branch removal from stable | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Alon Bar-Lev (RETIRED) <alonbl> |
| Component: | Current packages | Assignee: | Crypto team [DISABLED] <crypto+disabled> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | alonbl, grknight, idl0r, k_f, pacho, rossi.f, steffen.weber |
| Priority: | Normal | Keywords: | Tracker |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=656372 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 567372, 567376, 567380, 585366 | | |
| Bug Blocks: | 541564, 559942 | | |
Description
Alon Bar-Lev (RETIRED)
2015-12-02 20:14:47 UTC
You will also need libgcrypt:11/11 stable or see if dev-db/xtrabackup-bin can use the new libgcrypt in a version bump

(In reply to Brian Evans from comment #1)
> You will also need libgcrypt:11/11 stable or see if dev-db/xtrabackup-bin
> can use the new libgcrypt in a version bump

hmmm... I thought that -bin packages are not going to stable branch.
we cannot make this libgcrypt stable as it has security issues see bug#541564.

(In reply to Alon Bar-Lev from comment #2)
> (In reply to Brian Evans from comment #1)
> > You will also need libgcrypt:11/11 stable or see if dev-db/xtrabackup-bin
> > can use the new libgcrypt in a version bump
>
> hmmm... I thought that -bin packages are not going to stable branch.
> we cannot make this libgcrypt stable as it has security issues see
> bug#541564.

@idl0r: Now we have an issue with xtrabackup-bin needing libgcrypt.so.11. Even the latest 2.3.2 upstream still looks for it.

Also latest vmware-workstation-12.1.0.3272444 (not yet in portage) is shipped with libgcrypt.so.11 (however I have not tested yet with latest libgcrypt version).

As a side note (as I see multiple reverse deps from closed source packages needing it), it seems that Debian people are still maintaining the old .11 version for that (it is also the version Arch people are relying on for trying to have the security bugs fixed)

https://tracker.debian.org/pkg/libgcrypt11

libgcrypt in branch 0/11 (stable 1.5) will be dropped soon, any application still requiring 1.5 will need to be changed to use 11/11 which means being dropped to ~arch as this slot will NOT be stabilized. I'll bump 1.5.6 in 11/11 slot due to security bug, but this branch is not really still supported.

Any application relying on 1.5 still should be fixed to use 1.7 (ABI and API compatible with 1.6)

The necessary reverse dependencies have already been properly updated, so removal is now done

    commit d266cee915c186a65e4ac94e9726744c37077cdf
    Author: Kristian Fiskerstrand <k_f@gentoo.org>
    Date:   Thu Aug 18 10:38:10 2016 +0200

        dev-libs/libgcrypt: Remove vulnerable 1.5.5 in 0/11 slot

        This is the final package version in 0/11 slot

        Gentoo-Bug: 567382
        Gentoo-Bug: 591534

        Package-Manager: portage-2.3.0

Removed from stable, sufficient for this tracker for now, will rather re-open if we want to drop testing support at a later stage