Summary: | <app-text/recode-3.7.6: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | David Heidelberg (okias) <david> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | jstein, maksbotan, shell-tools |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/rrthomas/recode/commit/3e566ca4b17814de8bc100e3edadbed6e539874f | ||
See Also: |
https://github.com/gentoo/gentoo/pull/15304 https://github.com/gentoo/gentoo/pull/16906 https://bugs.gentoo.org/show_bug.cgi?id=517588 https://github.com/gentoo/gentoo/pull/18823 |
||
Whiteboard: | B3 [noglsa] | ||
Package list: |
app-text/recode-3.7.6-r1
|
Runtime testing required: | --- |
Bug Depends on: | 761873 | ||
Bug Blocks: |
Description
David Heidelberg (okias)
2020-04-11 11:29:35 UTC
Please confirm. https://repology.org/project/recode/versions#gentoo I'd missed this, sorry. In future, try do something like this: * File version bump bug (if you want, this is optional) * File bug in Security > Vulnerabilities (with a description of the bug in the title, if you want to be nice) --- @maintainer(s), please apply provided patch / bump to 3.7.6. TESTS: Summary: 486 good tests in 4.60 seconds. test and BDEPS fix coming into PR in few minutes. Please BUMP mentioned PR. https://github.com/gentoo/gentoo/pull/15304 (most likely non maintainer bump needed) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc9da233f44c2bcce96b01e364123b8fbc26be8e commit cc9da233f44c2bcce96b01e364123b8fbc26be8e Author: David Heidelberg <david@ixit.cz> AuthorDate: 2020-04-11 11:29:38 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2020-05-15 10:15:45 +0000 app-text/recode: bump to 3.7.6 - bump to EAPI 7 - switch to BDEPEND - tests are working now Bug: https://bugs.gentoo.org/717054 Signed-off-by: David Heidelberg <david@ixit.cz> Signed-off-by: Joonas Niilola <juippis@gentoo.org> app-text/recode/Manifest | 1 + app-text/recode/recode-3.7.6.ebuild | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) Please let us know if ready to stable yet. Unable to check for sanity:
> no match for package: app-text/recode-3.7.6
All sanity-check issues have been resolved Let's go for it. arm stable arm64 stable amd64 stable x86 stable ppc64 stable ppc stable hppa stable sparc stable. Please cleanup. okias, it looks like there's an issue from dropping multilib in the bump: app-i18n/enca/enca-1.19-r2.ebuild: recode? ( app-text/recode:0=[${MULTILIB_USEDEP}] ) This is blocking cleanup of the old version (and indeed means users who have enca[recode] will be stuck with the old version). I guess we need to restore it, or drop USE=recode from enca. GLSA Vote: No! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=00fe6ef1f87a081ee5c826093440d60a9eab2c83 commit 00fe6ef1f87a081ee5c826093440d60a9eab2c83 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-01-24 13:48:39 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-01-24 13:49:58 +0000 app-text/recode: security cleanup Bug: https://bugs.gentoo.org/717054 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: Sam James <sam@gentoo.org> app-text/recode/Manifest | 2 - app-text/recode/files/recode-3.6-as-if.patch | 19 ------- app-text/recode/files/recode-3.6-gettextfix.diff | 23 -------- app-text/recode/files/recode-3.6-recode.texi.patch | 11 ---- app-text/recode/recode-3.6_p20-r1.ebuild | 65 ---------------------- 5 files changed, 120 deletions(-) All done, finally! \o/ |