| Summary: | net-misc/openconnect-4.08 looks newer than 4.99 | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Pacho Ramos <pacho> |
| Component: | Current packages | Assignee: | Matthew Schultz <mattsch> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | proxy-maint |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 457068, 460096 | | |

Description
Pacho Ramos
2013-03-03 11:13:47 UTC
Not sure how to deal with this other than bring 4.08 into the tree, then when it is stabilized, remove 4.99 from the tree. I just confirmed that you can simply do this: cp openconnect-4.99.ebuild openconnect-4.08.ebuild. Also setting a minimum MTU will likely fix the problem with bug 446142.

I am very confused. Which one contains the security fix for the bugs that block this one?

(In reply to comment #3)
> I am very confused. Which one contains the security fix for the bugs that
> block this one?

4.08 fixes CVE-2012-6128.

(In reply to comment #4)
> (In reply to comment #3)
> > I am very confused. Which one contains the security fix for the bugs that
> > block this one?
>
> 4.08 fixes CVE-2012-6128.

Ok thanks

Is there a chance to ask upstream to learn how to tag versions properly and that 4.99 > 4.08 in the modern world?

(In reply to comment #5)
> (In reply to comment #4)
> > (In reply to comment #3)
> > > I am very confused. Which one contains the security fix for the bugs that
> > > block this one?
> >
> > 4.08 fixes CVE-2012-6128.
>
> Ok thanks
>
> Is there a chance to ask upstream to learn how to tag versions properly and
> that 4.99 > 4.08 in the modern world?

After communicating with upstream, 4.99 does in fact contain the CVE-2012-6128 fix. Apparently 4.08 contains some things backported from 4.99 since they consider 4.99 to be a beta. Don't ask me why they do not say it's a beta in the changelog. I could not confirm if any of the other fixes in 4.08 are also in 4.99 but based on the backport statement, I would assume they are. So I think this bug might be able to be closed since it's a non-issue.

(In reply to comment #6)
> (In reply to comment #5)
> > (In reply to comment #4)
> > > (In reply to comment #3)
> > > > I am very confused. Which one contains the security fix for the bugs that
> > > > block this one?
> > >
> > > 4.08 fixes CVE-2012-6128.
> >
> > Ok thanks
> >
> > Is there a chance to ask upstream to learn how to tag versions properly and
> > that 4.99 > 4.08 in the modern world?
>
> After communicating with upstream, 4.99 does in fact contain the
> CVE-2012-6128 fix. Apparently 4.08 contains some things backported from
> 4.99 since they consider 4.99 to be a beta. Don't ask me why they do not
> say it's a beta in the changelog. I could not confirm if any of the other
> fixes in 4.08 are also in 4.99 but based on the backport statement, I would
> assume they are. So I think this bug might be able to be closed since it's
> a non-issue.

So let me get this straight. 4.99 is a newer version (5.0_beta or whatever) and 4.08 is some older version + patches from 4.99. Ugh...

(In reply to comment #7)
> (In reply to comment #6)
> > (In reply to comment #5)
> > > (In reply to comment #4)
> > > > (In reply to comment #3)
> > > > > I am very confused. Which one contains the security fix for the bugs that
> > > > > block this one?
> > > >
> > > > 4.08 fixes CVE-2012-6128.
> > >
> > > Ok thanks
> > >
> > > Is there a chance to ask upstream to learn how to tag versions properly and
> > > that 4.99 > 4.08 in the modern world?
> >
> > After communicating with upstream, 4.99 does in fact contain the
> > CVE-2012-6128 fix. Apparently 4.08 contains some things backported from
> > 4.99 since they consider 4.99 to be a beta. Don't ask me why they do not
> > say it's a beta in the changelog. I could not confirm if any of the other
> > fixes in 4.08 are also in 4.99 but based on the backport statement, I would
> > assume they are. So I think this bug might be able to be closed since it's
> > a non-issue.
>
> So let me get this straight. 4.99 is a newer version (5.0_beta or whatever)
> and 4.08 is some older version + patches from 4.99. Ugh...

Yeah, pretty much. So I don't know if we should bother bringing in 4.08 to the tree since 4.99 is already stable.

Per: http://git.infradead.org/users/dwmw2/openconnect.git/shortlog looks like 4.08 is newer than 4.99, it also looks to be a "stable" release (over 4.99) and also solves bug 460096. I would then "bump" it to the tree, stable it due to security reasons and hard-mask 4.99.

We never ha+*openconnect-4.08 (04 Mar 2013) + + 04 Mar 2013; Markos Chandras <hwoarang@gentoo.org> +openconnect-4.08.ebuild: + Upstream lacks math skills and for them 4.08 is greater than 4.99. Fixes bug + #460098. Mask 4.99 until all the mess is sorted + |
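
Review bot: the ChangeLog entry text ("Upstream lacks math skills ... Mask 4.99 until all the mess is sorted") does not record the security reason the thread gives for adding 4.08. The comments cite CVE-2012-6128 and bug 460096, while the entry references only bug #460098. Suggest naming the CVE or the security bug in the entry and stating that 4.99 is masked because it sorts above 4.08 even though upstream treats 4.08 as the newer stable release, so the reason for the mask can be read from the ChangeLog alone. The entry also says 4.99 is masked, but only the openconnect-4.08.ebuild addition is listed in the visible lines, so the mask change should be checked as part of the same commit.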