Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 64708 - glsa-check continually wants to remerge qt-3.3.3
Summary: glsa-check continually wants to remerge qt-3.3.3
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors (show other bugs)
Hardware: x86 Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-09-19 19:07 UTC by Andrew Conkling
Modified: 2004-09-20 05:31 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Conkling 2004-09-19 19:07:20 UTC 
I've been using glsa-check in my standard updating procedure, but the last few times I've tried it (in about the last 3 weeks or so), it has repeatedly wanted to merge qt-3.3.3, as per GLSA 200408-20. I let it go the first time, but it keeps doing it.

I tried searching and couldn't find anything but the GLSA kernel problem, which this definitely isn't.

Reproducible: Always
Steps to Reproduce:
1. glsa-check -f all
2. Injected the GLSA.
3. glsa-check -f all still wants to remerge qt-3.3.3.

Actual Results:  
Repeated merging

Expected Results:  
I expected glsa-check to fix the security problem.

Portage 2.0.50-r11 (default-x86-2004.0, gcc-3.3.4, glibc-2.3.3.20040420-r1,
2.6.8-rc2-love3)
=================================================================
System uname: 2.6.8-rc2-love3 i686 Intel(R) Pentium(R) 4 CPU 1300MHz
Gentoo Base System version 1.5.3
Autoconf: sys-devel/autoconf-2.59-r4
Automake: sys-devel/automake-1.8.5-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=pentium4 -O3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config
/usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=pentium4 -O3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="http://open-systems.ufl.edu/mirrors/gentoo
ftp://ftp.ndlug.nd.edu/pub/gentoo/ ftp://mirrors.tds.net/gentoo
ftp://ibiblio.org/pub/Linux/distributions/gentoo/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage /usr/local/fluidportage/trunk"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X aalib alsa apm avi berkdb bitmap-fonts bzlib cdr crypt directfb dvd
encode esd fbcon gdbm gif gnome gpm gtk gtk2 imlib java jpeg libg++ libwww mad
mmx motif mpeg ncurses nls opengl pam pdflib perl png python qt quicktime
readline sdl slang spell sse ssl svga tcltk tcpd truetype x86 xml2 xmms xosd
xprint xv zlib"
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-09-20 00:48:45 UTC 
I suspect you have multiple versions of qt installed (with different SLOTs) and that even when you upgrade qt, you only upgrade (or reinstall) the latest SLOT, leaving the old SLOT installed and vulnerable.

Could you check what versions of qt you have installed by running :
# qpkg -I -v qt
and report back here ?
Comment 2 Andrew Conkling 2004-09-20 05:31:09 UTC 
You're right; I have qt-3.3.3 and qt-2.3.2.  dep -r tells me that no package needs the older one specifically, so I'm going to remove it.

Thanks for the help.