Comment 1 Thomas Deutschmann (RETIRED) 2020-03-15 01:35:06 UTC

Looks like patches didn't make it into 5.53 release.

Comment 2 Sam James 2020-03-15 01:38:12 UTC

(In reply to Thomas Deutschmann from comment #1)
> Looks like patches didn't make it into 5.53 release.


NOTE: As pointed out [0] on oss-security, these patches do not seem to have landed in time for 5.53, contrary to the advisory(!)

I have verified this claim by downloading the tarball and checking for the patches but they do not seem to apply.

Note that maintainers can still apply the linked patches.

[0] https://www.openwall.com/lists/oss-security/2020/03/13/2

Comment 3 Sam James 2020-03-15 01:38:44 UTC

(In reply to sam_c (Security Padawan) from comment #2)
> (In reply to Thomas Deutschmann from comment #1)
> > Looks like patches didn't make it into 5.53 release.
> 
> 
> NOTE: As pointed out [0] on oss-security, these patches do not seem to have
> landed in time for 5.53, contrary to the advisory(!)
> 
> I have verified this claim by downloading the tarball and checking for the
> patches but they do not seem to apply.
> 
> Note that maintainers can still apply the linked patches.
> 
> [0] https://www.openwall.com/lists/oss-security/2020/03/13/2

s/apply/have been applied/.

Comment 4 Pacho Ramos 2020-03-20 15:12:24 UTC

We can try to stabilize 5.54 I think

Comment 5 Stabilization helper bot 2020-03-20 16:01:14 UTC

An automated check of this bug failed - repoman reported dependency errors (193 lines truncated): 

> dependency.bad net-wireless/bluez/bluez-5.54.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['>=dev-libs/ell-0.28']
> dependency.bad net-wireless/bluez/bluez-5.54.ebuild: RDEPEND: amd64(default/linux/amd64/17.0) ['>=dev-libs/ell-0.28']
> dependency.bad net-wireless/bluez/bluez-5.54.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['>=dev-libs/ell-0.28']

Comment 6 Sam James 2020-03-20 16:04:53 UTC

(In reply to Pacho Ramos from comment #4)
> We can try to stabilize 5.54 I think

Yes please, they've updated the advisory now, so 5.5.4 is the first fixed version.

Comment 7 Ben Kohler 2020-03-20 18:17:16 UTC

Current stable net-wireless/iwd-1.4 depends on ~ell-0.27, can we add iwd-1.5 stabilization to this list? No known blockers for iwd stable

Comment 8 Pacho Ramos 2020-03-20 22:49:46 UTC

sure

Comment 9 Agostino Sarubbo 2020-03-21 16:25:41 UTC

amd64 stable

Comment 10 Agostino Sarubbo 2020-03-21 16:48:15 UTC

arm stable

Comment 11 Agostino Sarubbo 2020-03-21 16:50:05 UTC

ppc stable

Comment 12 Agostino Sarubbo 2020-03-21 16:50:46 UTC

ppc64 stable

Comment 13 Agostino Sarubbo 2020-03-21 16:51:22 UTC

x86 stable

Comment 14 Rolf Eike Beer 2020-03-23 21:12:53 UTC

dropped to ~hppa

Comment 15 Sam James 2020-03-23 21:27:53 UTC

(updating whiteboard)

Comment 16 Thomas Deutschmann (RETIRED) 2020-03-25 15:16:50 UTC

New GLSA request filed.

Comment 17 GLSAMaker/CVETool Bot 2020-03-25 15:36:04 UTC

This issue was resolved and addressed in
 GLSA 202003-49 at https://security.gentoo.org/glsa/202003-49
by GLSA coordinator Thomas Deutschmann (whissi).

Comment 18 Thomas Deutschmann (RETIRED) 2020-03-25 15:36:42 UTC

Re-opening for remaining architectures.

Comment 19 Mart Raudsepp 2020-03-29 11:03:53 UTC

arm64 stable

Comment 20 Sam James 2020-03-29 17:53:12 UTC

@maintainer(s), please cleanup

Comment 21 Pacho Ramos 2020-04-01 23:26:54 UTC

cleanup done

Comment 22 Sam James 2020-04-01 23:29:42 UTC

Tree clean, GLSA done, closing.