net-libs/libsignal-protocol-c: Drop 2.3.3 #31334

Closed

bowlofeggs
Contributor

@bowlofeggs bowlofeggs commented Jun 6, 2023

This ebuild is vulnerable to CVE-2022-48468 and is superseded by libsignal-protocol-c-2.3.3-r1.ebuild, which remains in tree.

Bug: https://bugs.gentoo.org/905098

@gentoo-bot added the labels "assigned" (PR successfully assigned to the package maintainer(s).) and "no bug found" (No Bug/Closes found in the commits.) Jun 6, 2023
@bowlofeggs changed the title from "net-libs/libsignal-protocol-c: Drop 2.3.3" to "net-libs/libsignal-protocol-c: Drop 2.3.3 [please reassign]" Jun 6, 2023
@gentoo-bot changed the title from "net-libs/libsignal-protocol-c: Drop 2.3.3 [please reassign]" to "net-libs/libsignal-protocol-c: Drop 2.3.3" Jun 6, 2023
@gentoo-bot added the labels "assigned" (PR successfully assigned to the package maintainer(s).), "bug linked" (Bug/Closes found in footer, and cross-linked with the PR.) and "security" (PR that needs to be merged promptly as it addresses security issues) and removed the labels "assigned" and "no bug found" Jun 6, 2023
@bowlofeggs
Contributor Author

Should I not use the Closes GLEP 66 tag so that the bug stays open after this is merged for things like the GLSA and so forth?

@gentoo-repo-qa-bot
Collaborator

Pull request CI report

Report generated at: 2023-06-06 22:09 UTC
Newest commit scanned: 6efa18e
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/0a65dd3112/output.html

@gentoo-repo-qa-bot
Collaborator

Pull request CI report

Report generated at: 2023-06-06 22:19 UTC
Newest commit scanned: 33356fa
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/76704df5b5/output.html

@ceamac
Contributor

ceamac commented Jun 7, 2023

> Should I not use the Closes GLEP 66 tag so that the bug stays open after this is merged for things like the GLSA and so forth?

Yes, if the bug is assigned to the Security Team you should use Bug: instead of Closes: and let them close the bug.

This ebuild is vulnerable to CVE-2022-48468 and is superseded by
libsignal-protocol-c-2.3.3-r1.ebuild, which remains in tree.

Bug: https://bugs.gentoo.org/905098
Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
@bowlofeggs changed the title from "net-libs/libsignal-protocol-c: Drop 2.3.3" to "net-libs/libsignal-protocol-c: Drop 2.3.3 [please reassign]" Jun 8, 2023
@bowlofeggs
Contributor Author

> Yes, if the bug is assigned to the Security Team you should use Bug: instead of Closes: and let them close the bug.

I've made this adjustment. Thanks!

@gentoo-bot changed the title from "net-libs/libsignal-protocol-c: Drop 2.3.3 [please reassign]" to "net-libs/libsignal-protocol-c: Drop 2.3.3" Jun 8, 2023
@gentoo-bot

Pull Request assignment

Submitter: @bowlofeggs
Areas affected: ebuilds
Packages affected: net-libs/libsignal-protocol-c

net-libs/libsignal-protocol-c: william[at]wstrm.dev, @gentoo/proxy-maint

Linked bugs

Bugs linked: 905098


In order to force reassignment and/or bug reference scan, please append [please reassign] to the pull request title.

Docs: Code of Conduct ● Copyright policy (expl.) ● Devmanual ● GitHub PRs ● Proxy-maint guide

@gentoo-bot added the labels "assigned" (PR successfully assigned to the package maintainer(s).) and "bug linked" (Bug/Closes found in footer, and cross-linked with the PR.) and removed the labels "assigned" and "bug linked" Jun 8, 2023
@gentoo-repo-qa-bot
Collaborator

Pull request CI report

Report generated at: 2023-06-08 01:39 UTC
Newest commit scanned: c5ed38f
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/1fa105c657/output.html

@bowlofeggs deleted the 905098-CVE-2022-48468 branch July 12, 2023 21:24