The full severity of CVE-2018-17144 has been prematurely leaked/disclosed (see https://bitcoincore.org/en/2018/09/20/notice/ for details), so it's kind of urgent to get this merged ASAP. PR at https://github.com/gentoo/gentoo/pull/9907
*** Bug 666665 has been marked as a duplicate of this bug. ***
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35caca435f172d52f62b9a9119a7234770f662f9 commit 35caca435f172d52f62b9a9119a7234770f662f9 Author: Luke Dashjr <luke-jr+git@utopios.org> AuthorDate: 2018-09-18 15:57:26 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-09-21 12:38:01 +0000 dev-util/bitcoin-tx: Bump to 0.16.3 Signed-off-by: Luke Dashjr <luke-jr+git@utopios.org> Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Bug: https://bugs.gentoo.org/666669 dev-util/bitcoin-tx/Manifest | 2 + dev-util/bitcoin-tx/bitcoin-tx-0.16.3.ebuild | 98 ++++++++++++++++++++++++++++ 2 files changed, 100 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f826abec95faa662523e1ce797ee2b9256d9c562 commit f826abec95faa662523e1ce797ee2b9256d9c562 Author: Luke Dashjr <luke-jr+git@utopios.org> AuthorDate: 2018-09-18 15:55:14 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-09-21 12:37:57 +0000 net-libs/libbitcoinconsensus: Bump to 0.16.3 Signed-off-by: Luke Dashjr <luke-jr+git@utopios.org> Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Bug: https://bugs.gentoo.org/666669 net-libs/libbitcoinconsensus/Manifest | 2 + .../libbitcoinconsensus-0.16.3.ebuild | 95 ++++++++++++++++++++++ 2 files changed, 97 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2bb81035351ee4da03befedbce1c41765ad09a11 commit 2bb81035351ee4da03befedbce1c41765ad09a11 Author: Luke Dashjr <luke-jr+git@utopios.org> AuthorDate: 2018-09-18 15:53:51 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-09-21 12:37:57 +0000 net-p2p/bitcoin-cli: Bump to 0.16.3 Signed-off-by: Luke Dashjr <luke-jr+git@utopios.org> Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Bug: https://bugs.gentoo.org/666669 net-p2p/bitcoin-cli/Manifest | 2 + net-p2p/bitcoin-cli/bitcoin-cli-0.16.3.ebuild | 97 +++++++++++++++++++++++++++ 2 files changed, 99 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2d3e52654733b3f973d8ea7b3f0ea41bf00dec8 commit d2d3e52654733b3f973d8ea7b3f0ea41bf00dec8 Author: Luke Dashjr <luke-jr+git@utopios.org> AuthorDate: 2018-09-18 15:50:53 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-09-21 12:37:57 +0000 net-p2p/bitcoind: Bump to 0.16.3 Signed-off-by: Luke Dashjr <luke-jr+git@utopios.org> Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Bug: https://bugs.gentoo.org/666669 net-p2p/bitcoind/Manifest | 2 + net-p2p/bitcoind/bitcoind-0.16.3.ebuild | 163 ++++++++++++++++++++++++++++++++ 2 files changed, 165 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f73c62f7d8ebc6689028191b516c81440869c4a commit 9f73c62f7d8ebc6689028191b516c81440869c4a Author: Luke Dashjr <luke-jr+git@utopios.org> AuthorDate: 2018-09-18 15:46:59 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-09-21 12:37:55 +0000 net-p2p/bitcoin-qt: Bump to 0.16.3 Signed-off-by: Luke Dashjr <luke-jr+git@utopios.org> Closes: https://github.com/gentoo/gentoo/pull/9907 Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Bug: https://bugs.gentoo.org/666669 net-p2p/bitcoin-qt/Manifest | 2 + net-p2p/bitcoin-qt/bitcoin-qt-0.16.3.ebuild | 182 ++++++++++++++++++++++++++++ 2 files changed, 184 insertions(+)
The vulnerability hasn't been categorized by the security team yet, but let's start a stable request regardless...
An automated check of this bug failed - repoman reported dependency errors (101 lines truncated): > dependency.bad net-p2p/bitcoin-qt/bitcoin-qt-0.16.3.ebuild: DEPEND: arm(default/linux/arm/13.0) ['dev-qt/qtcore:5', 'dev-qt/qtgui:5', 'dev-qt/qtnetwork:5', 'dev-qt/qtwidgets:5', 'dev-qt/qtdbus:5', 'dev-qt/linguist-tools:5'] > dependency.bad net-p2p/bitcoin-qt/bitcoin-qt-0.16.3.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['dev-qt/qtcore:5', 'dev-qt/qtgui:5', 'dev-qt/qtnetwork:5', 'dev-qt/qtwidgets:5', 'dev-qt/qtdbus:5'] > dependency.bad net-p2p/bitcoin-qt/bitcoin-qt-0.16.3.ebuild: DEPEND: arm(default/linux/arm/17.0) ['dev-qt/qtcore:5', 'dev-qt/qtgui:5', 'dev-qt/qtnetwork:5', 'dev-qt/qtwidgets:5', 'dev-qt/qtdbus:5', 'dev-qt/linguist-tools:5']
An automated check of this bug succeeded - the previous repoman errors are now resolved.
amd64 stable
x86 stable
arm: we missed the security delay of 20 days. In a week, I'll proceed to cleanup whether this is stabilized or not.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b0b2fb607337ffc92be3d8313498e55616e6963 commit 6b0b2fb607337ffc92be3d8313498e55616e6963 Author: Virgil Dupras <vdupras@gentoo.org> AuthorDate: 2018-10-23 20:37:40 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-10-23 20:38:28 +0000 dev-util/bitcoin-tx: remove old and vulnerable Bug: https://bugs.gentoo.org/666669 Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 dev-util/bitcoin-tx/Manifest | 2 - dev-util/bitcoin-tx/bitcoin-tx-0.15.1.ebuild | 102 --------------------------- 2 files changed, 104 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a51f2a1855e1dd6c62eb7a8ee17ca27531f9d146 commit a51f2a1855e1dd6c62eb7a8ee17ca27531f9d146 Author: Virgil Dupras <vdupras@gentoo.org> AuthorDate: 2018-10-23 20:36:16 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-10-23 20:38:27 +0000 net-libs/libbitcoinconsensus: remove old and vulnerable Bug: https://bugs.gentoo.org/666669 Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 net-libs/libbitcoinconsensus/Manifest | 2 - .../libbitcoinconsensus-0.15.1.ebuild | 99 ---------------------- 2 files changed, 101 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c847a77d54b0910d52d4852859651fa49510eb3 commit 3c847a77d54b0910d52d4852859651fa49510eb3 Author: Virgil Dupras <vdupras@gentoo.org> AuthorDate: 2018-10-23 20:35:00 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-10-23 20:38:27 +0000 net-p2p/bitcoind: remove old and vulnerable Bug: https://bugs.gentoo.org/666669 Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 net-p2p/bitcoind/Manifest | 2 - net-p2p/bitcoind/bitcoind-0.15.1.ebuild | 167 --------------------- .../files/bitcoind-0.15.1-test-build-fix.patch | 24 --- .../files/bitcoind-0.15.1-test-util-fix.patch | 15 -- 4 files changed, 208 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa43f6f2847e6779d6bea9c2242be1fc76b86f20 commit aa43f6f2847e6779d6bea9c2242be1fc76b86f20 Author: Virgil Dupras <vdupras@gentoo.org> AuthorDate: 2018-10-23 20:32:44 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-10-23 20:38:26 +0000 net-p2p/bitcoin-cli: remove old and vulnerable Bug: https://bugs.gentoo.org/666669 Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 net-p2p/bitcoin-cli/Manifest | 2 - net-p2p/bitcoin-cli/bitcoin-cli-0.15.1.ebuild | 101 -------------------------- 2 files changed, 103 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b957e3983c5b664df340102d7311e266244f019 commit 1b957e3983c5b664df340102d7311e266244f019 Author: Virgil Dupras <vdupras@gentoo.org> AuthorDate: 2018-10-23 20:31:22 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-10-23 20:38:26 +0000 net-p2p/bitcoin-qt: remove old and vulnerable Bug: https://bugs.gentoo.org/666669 Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 net-p2p/bitcoin-qt/Manifest | 2 - net-p2p/bitcoin-qt/bitcoin-qt-0.15.1.ebuild | 255 --------------------- .../files/bitcoin-qt-0.15.1-test-build-fix.patch | 24 -- .../files/bitcoin-qt-0.15.1-test-util-fix.patch | 15 -- net-p2p/bitcoin-qt/metadata.xml | 2 - 5 files changed, 298 deletions(-)
This bug is evil...