Bug 629370 (CVE-2017-13765, CVE-2017-13766, CVE-2017-13767) - <net-analyzer/wireshark-2.4.2: multiple vulnerabilities
Summary: <net-analyzer/wireshark-2.4.2: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2017-13765, CVE-2017-13766, CVE-2017-13767
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: 635686
Blocks: CVE-2017-9616, CVE-2017-9617, CVE-2017-9766 CVE-2017-15191, CVE-2017-15192, CVE-2017-15193 CVE-2017-11406, CVE-2017-11407, CVE-2017-11408, CVE-2017-11409, CVE-2017-11410, CVE-2017-11411
Reported: 2017-08-30 12:03 UTC by Aleksandr Wagner (Kivak)
Modified: 2018-03-25 18:45 UTC

See Also:
Package list:
=net-analyzer/wireshark-2.4.3-r1 =media-libs/spandsp-0.0.6_pre12-r1
Runtime testing required: ---
stable-bot: sanity-check+


Description Aleksandr Wagner (Kivak) 2017-08-30 12:03:00 UTC
CVE-2017-13765 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13765):

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation. 

References:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13929
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94666d4357096fc45e3bcad3d9414a14f0831bc8
https://www.wireshark.org/security/wnpa-sec-2017-41.html

CVE-2017-13766 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13766):

In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. 

References:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13847
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2096bc1e5078732543e0a3ee115a2ce520a72bbc
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=af7b093ca528516c14247acb545046199d30843e
https://www.wireshark.org/security/wnpa-sec-2017-39.html

CVE-2017-13767 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13767):

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. 

References:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13933
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f18ace2a2683418a9368a8dfd92da6bd8213e15
https://www.wireshark.org/security/wnpa-sec-2017-38.html
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2017-09-12 00:30:28 UTC
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.

net-analyzer/wireshark-2.4.1-r3 - In tree.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2017-10-26 01:31:45 UTC
2.2.x is still vulnerable.  Latest upstream is 2.2.10.  Please bump that branch or let us know if you intend to drop 2.2.x in favor of the latest stable versions in the 2.4.x branch.
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2017-10-27 01:33:49 UTC
(In reply to Aaron Bauman from comment #2)
> 2.2.x is still vulnerable.  Latest upstream is 2.2.10.  Please bump that
> branch or let us know if you intend to drop 2.2.x in favor of the latest
> stable versions in the 2.4.x branch.

Help yourselves.

Keywords for net-analyzer/wireshark:
         | a a a h i p p x a m m n r s s s | e u s          | r
         | l m r p a p p 8 r i 6 i i 3 h p | a n l          | e
         | p d m p 6 c c 6 m p 8 o s 9   a | p u o          | p
         | h 6   a 4   6   6 s k s c 0   r | i s t          | o
         | a 4         4   4     2 v     c |   e            |
         |                                 |   d            |
---------+---------------------------------+----------------+-------
2.2.7    | + + + + + + + + o o o o o o o + | 6 o 0/2.2.7    | gentoo
---------+---------------------------------+----------------+-------
[I]2.4.2 | o + ~ + o ~ ~ + ~ o o o o o o o | 6 o 0/2.4.2    | gentoo
---------+---------------------------------+----------------+-------
99999999 | o o o o o o o o o o o o o o o o | 6 o 0/99999999 | gentoo
Comment 4 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-27 16:10:13 UTC
(In reply to Jeroen Roovers from comment #1 from bug 635546)
> Bug #625474	net-analyzer/wireshark: Multiple Vulnerabilities
> Bug #629370	net-analyzer/wireshark: multiple vulnerabilities
> Bug #629454	net-analyzer/wireshark: Modbus dissector crash (wnpa-sec-2017-40)
> Bug #634872	net-analyzer/wireshark: Multiple vulnerabilities
> (Bug #635546	net-analyzer/wireshark: Multiple vulnerabilities)
> 
> It's so confusing without versions, isn't it? Now of which of these is this
> bug report a duplicate?

Now the only version needed is wireshark 2.2.10; with that you'll be able to close all other reports. If you don't want to bump that version, you can stabilize 2.4.x.

Thank you
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2017-10-28 13:17:09 UTC
(In reply to Christopher Díaz from comment #4)
> Now the only version needed is wireshark 2.2.10, with that you'll be able to
> close all other reports, if you don't want to bump that version you can
> stabilize 2.4.x.

We don't "need" 2.2.x at all. The 2.4 branch was promoted to stable in July.
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2017-10-28 13:23:11 UTC
(In reply to Jeroen Roovers from comment #5)
> (In reply to Christopher Díaz from comment #4)
> > Now the only version needed is wireshark 2.2.10, with that you'll be able to
> > close all other reports, if you don't want to bump that version you can
> > stabilize 2.4.x.
> 
> We don't "need" 2.2.x at all. The 2.4 branch was promoted to stable in July.

I think that is quite obvious to all of us.  The problem is, we don't just drop maintainer owned packages because we feel like it.  So if you don't mind dropping 2.2.x then we can move forward.  If you want me to do it then so be it.
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2017-10-28 13:33:07 UTC
(In reply to Aaron Bauman from comment #6)
> The problem is, we don't just
> drop maintainer owned packages because we feel like it.  So if you don't
> mind dropping 2.2.x then we can move forward.  If you want me to do it then
> so be it.

Why don't you stabilise 2.4.2?
Comment 8 Aaron Bauman (RETIRED) gentoo-dev 2017-10-28 14:08:45 UTC
@arches, please stabilize.

2.2.x branch will be dropped when we move to cleanup.
Comment 9 Stabilization helper bot gentoo-dev 2017-10-28 15:01:00 UTC
An automated check of this bug failed - repoman reported dependency errors: 

> dependency.bad net-analyzer/wireshark/wireshark-2.4.2.ebuild: DEPEND: arm(default/linux/arm/13.0) ['media-libs/spandsp']
> dependency.bad net-analyzer/wireshark/wireshark-2.4.2.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['media-libs/spandsp']
Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev 2017-11-12 18:34:36 UTC
ppc64 stable
Comment 11 Sergei Trofimovich (RETIRED) gentoo-dev 2017-11-18 20:57:05 UTC
ppc stable
Comment 12 Markus Meier gentoo-dev 2017-11-19 15:08:59 UTC
arm stable, all arches done.
Comment 13 Stabilization helper bot gentoo-dev 2017-11-19 18:01:02 UTC
An automated check of this bug failed - repoman reported dependency errors (7 lines truncated): 

> dependency.bad net-analyzer/wireshark/wireshark-2.4.2.ebuild: DEPEND: ia64(default/linux/ia64/13.0) ['app-arch/snappy']
> dependency.bad net-analyzer/wireshark/wireshark-2.4.2.ebuild: RDEPEND: ia64(default/linux/ia64/13.0) ['app-arch/snappy']
> dependency.bad net-analyzer/wireshark/wireshark-2.4.2.ebuild: DEPEND: ia64(default/linux/ia64/13.0/desktop) ['app-arch/snappy']
Comment 14 Sergei Trofimovich (RETIRED) gentoo-dev 2017-11-19 20:46:15 UTC
ia64 stable
Comment 15 Aaron Bauman (RETIRED) gentoo-dev 2018-03-25 18:45:48 UTC
2.2.x has been dekeyworded for all arches except alpha.  Cleanup of that version will be tracked in a newer bug.