Re: [gentoo-user] gentoo-sources-2.4.22-r3
On Thu, 2004-01-08 at 04:56, Marius Mauch wrote: Both r2 and r3 were fixed yesterday, however to be sure use r3 (the patch was added to r2 after it was already deployed, so it's hard to say wether your installation has it). Sorry to prolong the thread, but isn't this not supposed to happen? Isn't the whole point of -rN to indicate when changes have been made? I can accept that changes flow through CVS on -rX that aren't yet marked stable. But certainly, once marked stable, the content of a particular ebuild shouldn't change, should it? So, (just trying to learn), in this case, what happened? AfC -- Andrew Frederick Cowie Operational Dynamics Consulting Pty Ltd Australia: +61 2 9977 6866 North America: +1 646 472 5054 http://www.operationaldynamics.com/ -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] gentoo-sources-2.4.22-r3
pb wrote: gentoo-sources-2.4.22-r3 (released yesterday) doesn't fix any latestst security problems. in fact, it is identical to 2.4.22-r2. i wonder why it has been released and marked as stable... pb -- Public Key: http://teleinfo.tu.kielce.pl/~pb/gpg.asc Glad I decided to wait to upgrade to r3, as r4 just came out :) Aaron -- http://ka0ttic.dyndns.org/ /usr/bin/fortune says: Hawk, we're going to die. Never say die... and certainly never say we. -- M*A*S*H -- [EMAIL PROTECTED] mailing list
[gentoo-user] gentoo-sources-2.4.22-r3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 gentoo-sources-2.4.22-r3 (released yesterday) doesn't fix any latestst security problems. in fact, it is identical to 2.4.22-r2. i wonder why it has been released and marked as stable... pb - -- Public Key: http://teleinfo.tu.kielce.pl/~pb/gpg.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/+9IvTE0TNzgUY2sRAucyAJ93KKdwc+olvXgy0LMH+It6U4AOCQCg04yC lE4KeKS+jm3RlaypXnSJ+T0= =rkzE -END PGP SIGNATURE- -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] gentoo-sources-2.4.22-r3
On 01/07/04 pb wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 gentoo-sources-2.4.22-r3 (released yesterday) doesn't fix any latestst security problems. in fact, it is identical to 2.4.22-r2. i wonder why it has been released and marked as stable... How did you check this ? Marius -- Public Key at http://www.genone.de/info/gpg-key.pub In the beginning, there was nothing. And God said, 'Let there be Light.' And there was still nothing, but you could see a bit better. pgp0.pgp Description: PGP signature
Re: [gentoo-user] gentoo-sources-2.4.22-r3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marius Mauch wrote: gentoo-sources-2.4.22-r3 (released yesterday) doesn't fix any latestst security problems. in fact, it is identical to 2.4.22-r2. i wonder why it has been released and marked as stable... How did you check this ? # cd /usr/portage/sys-kernel/gentoo-sources # diff gentoo-sources-2.4.22-r2 gentoo-sources-2.4.22-r3 3c3 # $Header: /home/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.22-r2.ebuild,v 1.3 2004/01/06 15:17:52 plasmaroo Exp $ - --- # $Header: /home/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.22-r3.ebuild,v 1.1 2004/01/06 20:55:12 plasmaroo Exp $ 22c22 http://dev.gentoo.org/~iggy/gentoo-sources-${PVR}.patch.bz2; - --- http://dev.gentoo.org/~iggy/gentoo-sources-2.4.22-r2.patch.bz2; 36c36 bzcat ${DISTDIR}/gentoo-sources-${PVR}.patch.bz2 | patch -p1 \ - --- bzcat ${DISTDIR}/gentoo-sources-2.4.22-r2.patch.bz2 | patch -p1 \ # i didn't notice that 2.4.22-r2 was also updated when i did emerge sync a few minutes earlier. another misleading thing was that 2.4.22-r3 had EXTRAVERSION defined as -gentoo-r2 sorry, my mistake ;) pb - -- Public Key: http://teleinfo.tu.kielce.pl/~pb/gpg.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE//Ct9TE0TNzgUY2sRAprnAJ4vDYteUpFB0vua2KYpT/9TlVWo1wCfSUZt F0swUPYQbDZwQR68bHqnT/E= =4Rho -END PGP SIGNATURE- -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] gentoo-sources-2.4.22-r3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 El Miércoles, 07 de Enero de 2004 16:24, Marius Mauch escribió: On 01/07/04 pb wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 gentoo-sources-2.4.22-r3 (released yesterday) doesn't fix any latestst security problems. in fact, it is identical to 2.4.22-r2. i wonder why it has been released and marked as stable... How did you check this ? [EMAIL PROTECTED] gentoo-sources $ diff gentoo-sources-2.4.22-r2.ebuild gentoo-sources-2.4.22-r3.ebuild 3c3 # $Header: /home/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.22-r2.ebuild,v 1.3 2004/01/06 15:17:52 plasmaroo Exp $ - --- # $Header: /home/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.22-r3.ebuild,v 1.1 2004/01/06 20:55:12 plasmaroo Exp $ 22c22 http://dev.gentoo.org/~iggy/gentoo-sources-${PVR}.patch.bz2; - --- http://dev.gentoo.org/~iggy/gentoo-sources-2.4.22-r2.patch.bz2; 36c36 bzcat ${DISTDIR}/gentoo-sources-${PVR}.patch.bz2 | patch -p1 \ - --- bzcat ${DISTDIR}/gentoo-sources-2.4.22-r2.patch.bz2 | patch -p1 \ Marius Differences are _trivial_. - -- /* Alberto García Hierro (Skyhusker) */ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE//Cuv4O6JklHkL2cRAhlfAJ93O+03W2bqyWPFEldh5xzLl7lNOQCaAgXI K2tCoZiqWXeYv/RjTRFH/IU= =CG+d -END PGP SIGNATURE- -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] gentoo-sources-2.4.22-r3
On 01/07/04 Alberto Garcia Hierro wrote: Differences are _trivial_. I wasn't talking about the differences but the vulnerability. Marius -- Public Key at http://www.genone.de/info/gpg-key.pub In the beginning, there was nothing. And God said, 'Let there be Light.' And there was still nothing, but you could see a bit better. pgp0.pgp Description: PGP signature
Re: [gentoo-user] gentoo-sources-2.4.22-r3
Marius Mauch wrote: On 01/07/04 Alberto Garcia Hierro wrote: Differences are _trivial_. I wasn't talking about the differences but the vulnerability. So, does gentoo-sources-2.4.22r3 address this recent vulnerability or not? :-) I just finished upgrading everything to 2.4.22r2, so if I'm going to reboot stuff, now is a good time. ;) -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] gentoo-sources-2.4.22-r3
On 01/07/04 Jonathan Nichols wrote: So, does gentoo-sources-2.4.22r3 address this recent vulnerability or not? :-) I just finished upgrading everything to 2.4.22r2, so if I'm going to reboot stuff, now is a good time. ;) Both r2 and r3 were fixed yesterday, however to be sure use r3 (the patch was added to r2 after it was already deployed, so it's hard to say wether your installation has it). Marius -- Public Key at http://www.genone.de/info/gpg-key.pub In the beginning, there was nothing. And God said, 'Let there be Light.' And there was still nothing, but you could see a bit better. pgp0.pgp Description: PGP signature