Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 18161 - Security advisory says to upgrade to glibc-2.3.1-r4, can't find in portage
Summary: Security advisory says to upgrade to glibc-2.3.1-r4, can't find in portage
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: x86 Linux
: High critical
Assignee: Daniel Ahlberg (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-03-25 13:38 UTC by FieldySnuts
Modified: 2003-03-30 10:37 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description FieldySnuts 2003-03-25 13:38:16 UTC 
Tried to upgrade glibc as stated in todays security advisory.

The advisory says to upgrade to glibc-2.3.1-r4 , however after doing an emerge
sync the latest I get is 2.2.5-r8. I do have the ~x86 keyword in /etc/make.conf .

Reproducible: Always
Steps to Reproduce:
1. emerge sync
2. emerge -s glibc
3. look for version
4. emerge sync again, parnoia
5. emerge -s glibc
6. look for version
7. repeat if needed

Actual Results:  
I was presented with 2.2.5-r8 being the latest available version.

Expected Results:  
I should have been able to upgrade to what the security advisory said to,
glibc-2.3.1-r4 .

Portage 2.0.46-r12 (default-1.0, gcc-2.95.3, glibc-2.2.5-r2,2.2.5-r6)
=================================================================
System uname: 2.4.19-ipv6-usbdnet i686 AuthenticAMD
GENTOO_MIRRORS="http://csociety-ftp.ecn.purdue.edu/pub/gentoo ftp://ftp.gtlib
.cc.gatech.edu/pub/gentoo ftp://gentoo.linux.no/pub/gentoo ftp://ftp.oregonst
ate.edu/pub/gentoo http://www.ibiblio.org/pub/Linux/distributions/gentoo"
CONFIG_PROTECT="/etc /var/qmail/control /usr/share/config /usr/kde/2/share/co
nfig /usr/kde/3/share/config /usr/X11R6/lib/X11/xkb:/usr/kde/3.1/share/config
:/usr/share/config"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
PORTDIR="/usr/portage"
DISTDIR="/usr/portage/distfiles"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR_OVERLAY=""
USE="x86 oss apm avi crypt cups jpeg libg++ mikmod mpeg ncurses quicktime spe
ll xml2 xv aalib berkdb bonobo directfb esd gdbm gif gnome-libs gtkhtml guile
 imlib java ldap libwww motif mozilla nls opengl pam png python qt readline s
canner sdl slang ssl svga tcpd tetex tiff X gtk gtk2 gpm gnome -alsa -arts 3d
now cdr encode kde mmx oggvorbis pdflib perl sse truetype xmms ipv6"
COMPILER=""
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=i686 -O3 -pipe"
CXXFLAGS="-march=i686 -O3 -pipe"
ACCEPT_KEYWORDS="x86 ~x86"
MAKEOPTS="-j3"
AUTOCLEAN="yes"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
FEATURES="sandbox ccache"


I thought ACCEPT_KEYWORDS="x86 ~x86" might have been a problems, as I thought
only one should be in there. But I get the same results with:

ACCEPT_KEYWORDS="~x86" emerge -s glibc

Cheers.
Comment 1 Robert Coie (RETIRED) gentoo-dev 2003-03-25 13:49:43 UTC 
You will need to install GCC 3 in order to be able to compile any glibc >=2.3.
Comment 2 FieldySnuts 2003-03-25 13:54:12 UTC 
Hm. Okay.

Either this means anyone using gcc2 is vulnerable and stuck with it, or there is a seperate way/version for upgrading glibc with gcc2.
Comment 3 Matt Taylor 2003-03-27 20:18:44 UTC 
glibc-2.2.5-r8 has the update...see the changelog entry:

*glibc-2.2.5-r8 (21 Mar 2003)

  21 Mar 2003; Daniel Ahlberg <aliz@gentoo.org> glibc-2.2.5-r8.ebuild :
  Security update.
Comment 4 FieldySnuts 2003-03-28 11:35:22 UTC 
Ahh. Okay great, thanks. Worked for me.
Comment 5 Daniel Ahlberg (RETIRED) gentoo-dev 2003-03-30 10:37:33 UTC 
my mistake. I didn't realize that pre 1.4 versions still used glibc 2.2.5. Versions 
2.2.5-r8 and 2.3.1-r4 both contains the security update.