18161 – Security advisory says to upgrade to glibc-2.3.1-r4, can't find in portage

Bug 18161 - Security advisory says to upgrade to glibc-2.3.1-r4, can't find in portage

Summary: Security advisory says to upgrade to glibc-2.3.1-r4, can't find in portage

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	x86 Linux

Importance:	High critical (vote)
Assignee:	Daniel Ahlberg (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2003-03-25 13:38 UTC by FieldySnuts
Modified:	2003-03-30 10:37 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description FieldySnuts 2003-03-25 13:38:16 UTC

Tried to upgrade glibc as stated in todays security advisory.

The advisory says to upgrade to glibc-2.3.1-r4 , however after doing an emerge
sync the latest I get is 2.2.5-r8. I do have the ~x86 keyword in /etc/make.conf .

Reproducible: Always
Steps to Reproduce:
1. emerge sync
2. emerge -s glibc
3. look for version
4. emerge sync again, parnoia
5. emerge -s glibc
6. look for version
7. repeat if needed

Actual Results:  
I was presented with 2.2.5-r8 being the latest available version.

Expected Results:  
I should have been able to upgrade to what the security advisory said to,
glibc-2.3.1-r4 .

Portage 2.0.46-r12 (default-1.0, gcc-2.95.3, glibc-2.2.5-r2,2.2.5-r6)
=================================================================
System uname: 2.4.19-ipv6-usbdnet i686 AuthenticAMD
GENTOO_MIRRORS="http://csociety-ftp.ecn.purdue.edu/pub/gentoo ftp://ftp.gtlib
.cc.gatech.edu/pub/gentoo ftp://gentoo.linux.no/pub/gentoo ftp://ftp.oregonst
ate.edu/pub/gentoo http://www.ibiblio.org/pub/Linux/distributions/gentoo"
CONFIG_PROTECT="/etc /var/qmail/control /usr/share/config /usr/kde/2/share/co
nfig /usr/kde/3/share/config /usr/X11R6/lib/X11/xkb:/usr/kde/3.1/share/config
:/usr/share/config"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
PORTDIR="/usr/portage"
DISTDIR="/usr/portage/distfiles"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR_OVERLAY=""
USE="x86 oss apm avi crypt cups jpeg libg++ mikmod mpeg ncurses quicktime spe
ll xml2 xv aalib berkdb bonobo directfb esd gdbm gif gnome-libs gtkhtml guile
 imlib java ldap libwww motif mozilla nls opengl pam png python qt readline s
canner sdl slang ssl svga tcpd tetex tiff X gtk gtk2 gpm gnome -alsa -arts 3d
now cdr encode kde mmx oggvorbis pdflib perl sse truetype xmms ipv6"
COMPILER=""
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=i686 -O3 -pipe"
CXXFLAGS="-march=i686 -O3 -pipe"
ACCEPT_KEYWORDS="x86 ~x86"
MAKEOPTS="-j3"
AUTOCLEAN="yes"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
FEATURES="sandbox ccache"


I thought ACCEPT_KEYWORDS="x86 ~x86" might have been a problems, as I thought
only one should be in there. But I get the same results with:

ACCEPT_KEYWORDS="~x86" emerge -s glibc

Cheers.

Comment 1 Robert Coie (RETIRED) gentoo-dev

2003-03-25 13:49:43 UTC

You will need to install GCC 3 in order to be able to compile any glibc >=2.3.

Comment 2 FieldySnuts 2003-03-25 13:54:12 UTC

Hm. Okay.

Either this means anyone using gcc2 is vulnerable and stuck with it, or there is a seperate way/version for upgrading glibc with gcc2.

Comment 3 Matt Taylor 2003-03-27 20:18:44 UTC

glibc-2.2.5-r8 has the update...see the changelog entry:

*glibc-2.2.5-r8 (21 Mar 2003)

  21 Mar 2003; Daniel Ahlberg <aliz@gentoo.org> glibc-2.2.5-r8.ebuild :
  Security update.

Comment 4 FieldySnuts 2003-03-28 11:35:22 UTC

Ahh. Okay great, thanks. Worked for me.

Comment 5 Daniel Ahlberg (RETIRED) gentoo-dev

2003-03-30 10:37:33 UTC

my mistake. I didn't realize that pre 1.4 versions still used glibc 2.2.5. Versions 
2.2.5-r8 and 2.3.1-r4 both contains the security update.