Not sure what version this is against, but we have several in portage with the 1.2 series being stable. The audit was done apparently in March, so it could be 1.0 or 1.2 which was added to portage in February. The torque changelog doesn't mention this particular problem: http://clusterresources.com/torquedocs20/changelog.shtml
version is <= 2.0.0p8 (missed it on the actual email)
cc'ing herd.
OK, let's stable torque-2.1.2-r2. That will also require a couple other stabilizations. To stable: x86: torque-2.1.2-r2, openpbs-common-1.1.1 ppc64: torque-2.1.2-r2, openpbs-common-1.1.1, lam-mpi-7.1.2 No other architectures have a stable torque.
Arches please test and mark stable. Target keywords are: ~amd64 ~ppc ppc64 x86
sys-cluster/torque-2.1.2-r2 USE="crypt -server -tk" sys-cluster/openpbs-common-1.1.1 1. both packages emerge fine on x86 2. pass collision test have no idea how to test this... Portage 2.1.1-r1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r4, 2.6.18.1 i686) ================================================================= System uname: 2.6.18.1 i686 Genuine Intel(R) CPU T2300 @ 1.66GHz Gentoo Base System version 1.12.6 Last Sync: Fri, 10 Nov 2006 19:30:01 +0000 ccache version 2.3 [disabled] app-admin/eselect-compiler: [Not Present] dev-java/java-config: 1.3.7, 2.0.30 dev-lang/python: 2.3.5-r3, 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.3 dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.60 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r4 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r1 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c" CXXFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--nospinner" FEATURES="autoconfig collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox" GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/" LINGUAS="en de en_GB de_CH" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 X a52 aac acpi alsa apache2 asf berkdb bitmap-fonts cairo cdr cdrom cli cracklib crypt cups dbus divx dlloader dri dts dvd dvdr dvdread eds elibc_glibc emboss encode fam ffmpeg firefox flac fortran gdbm gif gnome gpm gstreamer gtk hal iconv input_devices_keyboard input_devices_mouse ipv6 isdnlog java jpeg kde kdeenablefinal kernel_linux ldap libg++ linguas_de linguas_de_CH linguas_en linguas_en_GB mad mikmod mmx mono mp3 mpeg ncurses nls nptl nptlonly ogg opengl oss pam pcre perl png ppds pppd python qt3 qt4 quicktime readline reflection rtsp samba sdl session smp spell spl sse sse2 sse3 ssl svg tcpd test tetex theora threads truetype truetype-fonts type1-fonts udev unicode userland_GNU vcd video_cards_fbdev video_cards_i810 video_cards_vesa vorbis win32codecs wxwindows x264 xine xml xorg xprint xv xvid zlib" Unset: CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
(In reply to comment #3) > x86: torque-2.1.2-r2, openpbs-common-1.1.1 Stabilized.
ppc64 stable last arch -> marking FIXED
corsair, please don't close security bugs, we usually close them after GLSA publication (if necessary) this has been rated C1 -> GLSA
GLSA 200611-14
I regret to inform you of a mistake in part because of the horrendous tardiness of upstream to fix these holes. This security issue in fact was not fixed until 2.1.6, which I've just added to the tree to stabilize. 2.1.6: b - additional spool handling security fixes 2.1.4 (a ghost release that doesn't actually exist on the site): b - Fix "Spool Job Race condition" So x86/ppc64 will need to again stabilize this.
Bah, not a new GLSA for this stupid issue:( Arches please test and mark stable. Target keywords are: torque-2.1.6.ebuild:KEYWORDS="~amd64 ~ppc ppc64 x86"
ppc64 stable
Stable on x86
Sorry, forgot the GLSA
This could probably use some investigation into openpbs too, since torque is basically a heavily enhanced version of openpbs. Would anyone like to look into it?
GLSA updated.
(In reply to comment #16) > GLSA updated. I hope "temporary" is spelled correctly in the subject this time. =)
Duh! GLSA updated again:-)
(In reply to comment #15) > This could probably use some investigation into openpbs too, since torque is > basically a heavily enhanced version of openpbs. Would anyone like to look into > it? > Donnie - see bug #153495, I think.
closing this - we're done here.
