First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 81721
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Portage Utilities Team <tools-portage@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Diederik van der Boor <mail-gentoobugs@codingdomain.com>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 81721 depends on: Show dependency tree
Show dependency graph
Bug 81721 blocks: 170220
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)







View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-02-12 04:51 0000 
I've noticed glsa-check doesn't try to merge the latest version of a package:
Take a look at the output snapshow below; glsa-check tries to merge "mit-krb5-1.3.6" but "mit-krb5-1.3.6-r1" is available in portage:

fixing 200501-05
>>> merging app-crypt/mit-krb5-1.3.6
Calculating dependencies
!!! All ebuilds that could satisfy "=app-crypt/mit-krb5-1.3.6" have been masked.
!!! One of the following masked packages is required to complete your request:
- app-crypt/mit-krb5-1.3.6 (masked by: ~x86 keyword)

For more information, see MASKED PACKAGES section in the emerge man page or
section 2.2 "Software Availability" in the Gentoo Handbook.

root@pts/1 root # etcat -v app-crypt/mit-krb5
[ Results for search key           : app-crypt/mit-krb5 ]
[ Candidate applications found : 10 ]

 Only printing found installed programs.

*  app-crypt/mit-krb5 :
        [   ] 1.3.1 (0)
        [   ] 1.3.1-r1 (0)
        [M~ ] 1.3.3 (0)
        [   ] 1.3.3-r1 (0)
        [   ] 1.3.4 (0)
        [   ] 1.3.4-r1 (0)
        [M~ ] 1.3.5 (0)
        [M I] 1.3.5-r1 (0)
        [M~ ] 1.3.6 (0)
        [   ] 1.3.6-r1 (0)


Reproducible: Always
Steps to Reproduce:

------- Comment #1 From Marius Mauch 2005-02-12 08:36:31 0000 ------- 
That's intentional, glsa-check uses a least-change policy.

------- Comment #2 From Wolfram Schlich 2007-03-30 11:26:20 0000 ------- 
Marius, please add a switch to glsa-check which enables us to install
the latest and greatest stable version of a package affected by a GLSA.

Maybe you can add a getMaxUpgrade function to /usr/lib/gentoolkit/pym/glsa.py
and add a switch called -g or --greatest?

------- Comment #3 From Wolfram Schlich 2007-03-30 11:35:25 0000 ------- 
The workaround I am currently using is:

glsa-check -p affected | grep / | awk '{ print $1 }' | xargs -n 1 -i{} echo
'>={}' | xargs emerge

But obviously, this sucks :-)

------- Comment #4 From Joshua Hoblitt 2007-04-10 21:13:28 0000 ------- 
Well it's not exactly a least change policy either.  I have a system that
glsa-check insistent on install python 2.3.5 on even though python 2.4 was
already installed.  I believe that correct behavior would have been to do
nothing in this case.

--
fixing 200610-07
>>> merging dev-lang/python-2.3.5-r3
Calculating dependencies... done!

>>> Emerging (1 of 1) dev-lang/python-2.3.5-r3 to /
--

------- Comment #5 From Marius Mauch 2007-04-10 21:28:12 0000 ------- 
Well, I'd bet you also have another version of python-2.3 installed that is
vulnerable and therefore has to be upgraded.

------- Comment #6 From Marius Mauch 2007-05-30 17:22:28 0000 ------- 
r403 has a new --emergelike option to use a strategy similar to emerge when
selecting upgrades.

------- Comment #7 From Paul Varner 2007-07-27 21:39:40 0000 ------- 
Released in gentoolkit-0.2.4_pre6
First Last Prev Next    No search results available      Search page      Enter new bug