sys-kernel/usermode-sources-2.4.26-r13 causes glsa alarm if um-src-2.4.26-r13 (stable) is installed, glsa-check says: we have a problem w/ glsa-200403-02 <snip> Affected package: sys-kernel/usermode-sources Affected archs: All Vulnerable: <2.6.3-r1 Unaffected: =2.4.24-r1 >=2.6.3-r1 </snip>
glsa-200407-16 is also affected <snip> Affected package: sys-kernel/usermode-sources Affected archs: All Vulnerable: <2.6.6-r4 Unaffected: >=~2.4.24-r6 >=~2.4.26-r3 >=2.6.6-r4 </snip>
and 200408-24 <snip> Affected package: sys-kernel/usermode-sources Affected archs: All Vulnerable: <2.6.6-r6 Unaffected: >=~2.4.24-r9 >=~2.4.26-r6 >=2.6.6-r6 </snip>
Kernel GLSAs are buggy anyway... I fixed GLSA 200403-02 because 2.4.26 versions were listed as affected while they were not. That said, the other two GLSAs (200407-16 and 200408-24) are correct so 2.4.26-r13 should show correctly as unaffected on those. Make sure (1) you use a recent glsa-check (2) you don't have any dupe slot affected kernel installed (qpkg -I -d -v | grep usermode-sources)
1) yes 2) i have installed both 2.4.26-r13 and 2.6.8.1-r9
Then it's a glsa-check bug... reassigning to the portage tools team. In the meantime I recommend injecting (--inject) the problematic GLSAs so that they don't show up as affected. Please also note that checking kernel GLSAs doesn't make much sense anyway since they check the installed sources and not the running kernel. That's one of many reasons why we are replacing them with a new alert system.
Why do people have to use two-digit revision numbers exposing unbelievingly stupid bugs in my code like using string comparison to compare numbers?
Marius: does 0.2.1_pre1 fix this one too ?
I think so.
