This will be problematic as 4.99 has already gone to stable in some arches, but: http://www.infradead.org/openconnect/changelog.html -> if you see dates, you will see 4.08 is newer than 4.99 http://git.infradead.org/users/dwmw2/openconnect.git/shortlog -> looks to confirm it Reproducible: Always
Not sure how to deal with this other than bring 4.08 into the tree, then when it is stabilized, remove 4.99 from the tree.
I just confirmed, that you can simply do this: cp openconnect-4.99.ebuild openconnect-4.08.ebuild. Also setting a minimum MTU will likely fix the problem with bug 446142.
I am very confused. Which one contains the security fix for the bugs that block this one?
(In reply to comment #3) > I am very confused. Which one contains the security fix for the bugs that > block this one? 4.08 fixes CVE-2012-6128.
(In reply to comment #4) > (In reply to comment #3) > > I am very confused. Which one contains the security fix for the bugs that > > block this one? > > 4.08 fixes CVE-2012-6128. Ok thanks Is there a chance to ask upstream to learn how to tag versions properly and that 4.99 > 4.08 in the modern world?
(In reply to comment #5) > (In reply to comment #4) > > (In reply to comment #3) > > > I am very confused. Which one contains the security fix for the bugs that > > > block this one? > > > > 4.08 fixes CVE-2012-6128. > > Ok thanks > > Is there a chance to ask upstream to learn how to tag versions properly and > that 4.99 > 4.08 in the modern world? After communicating with upstream, 4.99 does in fact contain the CVE-2012-6128 fix. Apparently 4.08 contains some things backported from 4.99 since they consider 4.99 to be a beta. Don't ask me why they do not say it's a beta in the changelog. I could not confirm if any of the other fixes in 4.08 are also in 4.99 but based on the backport statement, I would assume they are. So I think this bug might be able to be closed since it's a non-issue.
(In reply to comment #6) > (In reply to comment #5) > > (In reply to comment #4) > > > (In reply to comment #3) > > > > I am very confused. Which one contains the security fix for the bugs that > > > > block this one? > > > > > > 4.08 fixes CVE-2012-6128. > > > > Ok thanks > > > > Is there a chance to ask upstream to learn how to tag versions properly and > > that 4.99 > 4.08 in the modern world? > > After communicating with upstream, 4.99 does in fact contain the > CVE-2012-6128 fix. Apparently 4.08 contains some things backported from > 4.99 since they consider 4.99 to be a beta. Don't ask me why they do not > say it's a beta in the changelog. I could not confirm if any of the other > fixes in 4.08 are also in 4.99 but based on the backport statement, I would > assume they are. So I think this bug might be able to be closed since it's > a non-issue. so let me get this straight. 4.99 is a newer version (5.0_beta or whatever) and 4.08 is some older version + patches from 4.99. Ugh...
(In reply to comment #7) > (In reply to comment #6) > > (In reply to comment #5) > > > (In reply to comment #4) > > > > (In reply to comment #3) > > > > > I am very confused. Which one contains the security fix for the bugs that > > > > > block this one? > > > > > > > > 4.08 fixes CVE-2012-6128. > > > > > > Ok thanks > > > > > > Is there a chance to ask upstream to learn how to tag versions properly and > > > that 4.99 > 4.08 in the modern world? > > > > After communicating with upstream, 4.99 does in fact contain the > > CVE-2012-6128 fix. Apparently 4.08 contains some things backported from > > 4.99 since they consider 4.99 to be a beta. Don't ask me why they do not > > say it's a beta in the changelog. I could not confirm if any of the other > > fixes in 4.08 are also in 4.99 but based on the backport statement, I would > > assume they are. So I think this bug might be able to be closed since it's > > a non-issue. > > so let me get this straight. 4.99 is a newer version (5.0_beta or whatever) > and 4.08 is some older version + patches from 4.99. Ugh... Yeah, pretty much. So I don't know if we should bother bringing in 4.08 to the tree since 4.99 is already stable.
Per: http://git.infradead.org/users/dwmw2/openconnect.git/shortlog looks like 4.08 is newer than 4.99, it also looks to be a "stable" release (over 4.99) and also solves bug 460096. I would then "bump" it to the tree, stable it due security reasons and hard-mask 4.99
We never ha+*openconnect-4.08 (04 Mar 2013) + + 04 Mar 2013; Markos Chandras <hwoarang@gentoo.org> +openconnect-4.08.ebuild: + Upstream lacks math skills and for them 4.08 is greater than 4.99. Fixes bug + #460098. Mask 4.99 until all the mess is sorted +