I think we should stabilize 2.2.8 to get our users on safe ground.
An automated check of this bug failed - repoman reported dependency errors (6 lines truncated): > dependency.bad dev-libs/expat/expat-2.2.8.ebuild: BDEPEND: arm64(default/linux/arm64/17.0) ['app-text/docbook2X'] > dependency.bad dev-libs/expat/expat-2.2.8.ebuild: BDEPEND: arm64(default/linux/arm64/17.0/desktop) ['app-text/docbook2X'] > dependency.bad dev-libs/expat/expat-2.2.8.ebuild: BDEPEND: arm64(default/linux/arm64/17.0/desktop/gnome) ['app-text/docbook2X']
(In reply to Stabilization helper bot from comment #1) > An automated check of this bug failed - repoman reported dependency errors > (6 lines truncated): > > > dependency.bad dev-libs/expat/expat-2.2.8.ebuild: BDEPEND: arm64(default/linux/arm64/17.0) ['app-text/docbook2X'] > > dependency.bad dev-libs/expat/expat-2.2.8.ebuild: BDEPEND: arm64(default/linux/arm64/17.0/desktop) ['app-text/docbook2X'] > > dependency.bad dev-libs/expat/expat-2.2.8.ebuild: BDEPEND: arm64(default/linux/arm64/17.0/desktop/gnome) ['app-text/docbook2X'] Give me a second, I have an idea how to drop that dependency again...
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a3857d108c142a4bf4d69df8fcf1e9d46c6b6609 commit a3857d108c142a4bf4d69df8fcf1e9d46c6b6609 Author: Sebastian Pipping <sping@gentoo.org> AuthorDate: 2019-09-14 18:38:29 +0000 Commit: Sebastian Pipping <sping@gentoo.org> CommitDate: 2019-09-14 18:38:39 +0000 dev-libs/expat: Make use of shipped pre-compiled man page Bug: https://bugs.gentoo.org/694362 Signed-off-by: Sebastian Pipping <sping@gentoo.org> Package-Manager: Portage-2.3.68, Repoman-2.3.16 dev-libs/expat/expat-2.2.8.ebuild | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)
Done :)
hppa/sparc stable
An automated check of this bug succeeded - the previous repoman errors are now resolved.
arm64 stable
x86 stable
amd64 stable
ia64/ppc/ppc64 stable
s390 stable
alpha stable
New GLSA request filed.
arm stable
@ maintainer(s): Please cleanup and drop <dev-libs/expat-2.2.8!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a865e40bcced3a011bfaf0f48e8e3ca24720121 commit 8a865e40bcced3a011bfaf0f48e8e3ca24720121 Author: Sebastian Pipping <sping@gentoo.org> AuthorDate: 2019-10-26 10:43:19 +0000 Commit: Sebastian Pipping <sping@gentoo.org> CommitDate: 2019-10-26 10:44:11 +0000 dev-libs/expat: Remove vulnerable Bug: https://bugs.gentoo.org/694362 Signed-off-by: Sebastian Pipping <sping@gentoo.org> Package-Manager: Portage-2.3.68, Repoman-2.3.16 dev-libs/expat/Manifest | 2 - dev-libs/expat/expat-2.2.6.ebuild | 97 --------------------------------------- dev-libs/expat/expat-2.2.7.ebuild | 96 -------------------------------------- 3 files changed, 195 deletions(-)
This issue was resolved and addressed in GLSA 201911-08 at https://security.gentoo.org/glsa/201911-08 by GLSA coordinator Aaron Bauman (b-man).