Re: [gentoo-user] Important security update for GnuPG!
On Thursday 04 January 2007 18:01, Thomas Rösner wrote: Nelson wrote: This is strange, I just made a emerge sync and then a emerge --update world. I have still version 1.4.5. I use x86 (no ~x86). [...] Maybe have I to do an emerge -uD ? because I do only emerge --update ? I don't think that's the problem. To my knowledge the -D means update related packages (it means deep). Half way right: in this case, gnupg-1.4.6 *is* a related package. If you have gnupg in world, and tell portage to --update world, it will update the highest slot version of gnupg, in this case 1.9. Only when you say --deep, it will go for the other slots, too, *if* something else still depends on them. See the original GLSAs for reference - the first GLSA used --update gnupg, the second corrected GLSA said --update =gnupg-1.4* or something equivalent (all from memory). Problem resolved: I did know a emerge -uD world and it updated my gnupg version to 1.4.6. So from now I will any time use the arguments -uD when I'm updating Gentoo. Would it not be better if the deep update would be the default update? Because this is confusing (for non gentoo experienced users). By the way the emerge =app-crypt/gnupg-1.4.6 worked also before I did the deep update. So its also possible to manally update gnupg. Thanks very much for your support. -- E-Mail sent with anti-spam site TrashMail.net! Free disposable email addresses: http://www.trashmail.net/ -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Important security update for GnuPG!
qfpvajdy wrote: Hello, [...advisory..] Could the maintainer please update to gnupg version 1.4.6? Currently the Gentoo GNU/Linux distribution delivers version 1.4.5. Then how did I get this? Installed versions: 1.4.6 Regards, T. -- gentoo-user@gentoo.org mailing list
RE: [gentoo-user] Important security update for GnuPG!
-Original Message- From: Thomas Rösner [mailto:[EMAIL PROTECTED] Sent: 04 January 2007 10:21 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Important security update for GnuPG! qfpvajdy wrote: Hello, [...advisory..] Could the maintainer please update to gnupg version 1.4.6? Currently the Gentoo GNU/Linux distribution delivers version 1.4.5. Then how did I get this? Installed versions: 1.4.6 Regards, T. Do you have it unmasked? My system is ~x86 and I have 1.4.6 and 2.0.1 (I think) but I'm not sure if these are officially the latest stable versions. Cheers David Note: These views are my own, advice is provided with no guarantee of success. I do not represent anyone else in any emails I send to this list. -- gentoo-user@gentoo.org mailing list
RE: [gentoo-user] Important security update for GnuPG!
gnupg 1.9.20-r3 and 1.4.6 are the latest stable GnuPG versions for x86. And they are perfectly available for me (I have both installed and am not using ~x86). -Kristian Poul Herkild -Original Message- From: Nelson, David (ED, PARD) [EMAIL PROTECTED] Date: Thu, 4 Jan 2007 13:34:00 - To: gentoo-user@lists.gentoo.org Subject: RE: [gentoo-user] Important security update for GnuPG! -Original Message- From: Thomas Rösner [mailto:[EMAIL PROTECTED] Sent: 04 January 2007 10:21 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Important security update for GnuPG! qfpvajdy wrote: Hello, [...advisory..] Could the maintainer please update to gnupg version 1.4.6? Currently the Gentoo GNU/Linux distribution delivers version 1.4.5. Then how did I get this? Installed versions: 1.4.6 Regards, T. Do you have it unmasked? My system is ~x86 and I have 1.4.6 and 2.0.1 (I think) but I'm not sure if these are officially the latest stable versions. Cheers David Note: These views are my own, advice is provided with no guarantee of success. I do not represent anyone else in any emails I send to this list. -- gentoo-user@gentoo.org mailing list -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Important security update for GnuPG!
Nelson, David (ED, PARD) [EMAIL PROTECTED] writes: Do you have it unmasked? My system is ~x86 and I have 1.4.6 and 2.0.1 (I think) but I'm not sure if these are officially the latest stable versions. How did you manage to have both 1.4.6 and 2.0.1 installed at the same time? 2.0.1 has an RDEPEND '!=app-crypt/gnupg-2.0.1', so should not allow both versions to be installed at the same time. -- gentoo-user@gentoo.org mailing list
RE: [gentoo-user] Important security update for GnuPG!
-Original Message- From: Graham Murray [mailto:[EMAIL PROTECTED] Sent: 04 January 2007 14:05 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Important security update for GnuPG! Nelson, David (ED, PARD) [EMAIL PROTECTED] writes: Do you have it unmasked? My system is ~x86 and I have 1.4.6 and 2.0.1 (I think) but I'm not sure if these are officially the latest stable versions. How did you manage to have both 1.4.6 and 2.0.1 installed at the same time? 2.0.1 has an RDEPEND '!=app-crypt/gnupg-2.0.1', so should not allow both versions to be installed at the same time. -- gentoo-user@gentoo.org mailing list Erm I'm not sure. I think portage wanted to update 1.9.x to 2.0.x, and 1.4.5 to 1.4.6 - but it doesn't like both on the same system. So if I remember correctly I think I removed 1.4.5 using emerge --unmerge, and updated 1.9.x to 2.0.x using emerge -uD gnupg or somesuch. Then the next emerge -uD world I did I think it installed 1.4.6 for me. I'll double check when I get home and make sure. I might only have 2.x but I thought I had both. David Note: These views are my own, advice is provided with no guarantee of success. I do not represent anyone else in any emails I send to this list. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Important security update for GnuPG!
On Thursday 04 January 2007 15:34, Nelson, David (ED, PARD) wrote: Do you have it unmasked? My system is ~x86 and I have 1.4.6 and 2.0.1 (I think) but I'm not sure if these are officially the latest stable versions. 1.4.6 is currently marked x86 so any up to date tree will emerge that (unless it's package.masked by the user themselves). The original poster probably hasn't synced for a while and is using a tree several days old alan -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Important security update for GnuPG!
On 1/4/07, qfpvajdy [EMAIL PROTECTED] wrote: Hello, I'm surprised that after several emerge sync and emerge --update world operations since Wed Dec 6 2006, Gentoo has still not upgraded to GnuPG version 1.4.6. It's always helpful if you tell us your arch when you post things like this. Regardless, 1.4.6 was stabilized for x86 on Dec 7th, and for amd64 on Dec 8th: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-crypt/gnupg/gnupg-1.4.6.ebuild?rev=1.9view=log -Richard -- gentoo-user@gentoo.org mailing list
RE: [gentoo-user] Important security update for GnuPG!
-Original Message- From: qfpvajdy [mailto:[EMAIL PROTECTED] Sent: 04 January 2007 16:18 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Important security update for GnuPG! This is strange, I just made a emerge sync and then a emerge --update world. I have still version 1.4.5. I use x86 (no ~x86). This are the servers that I use for emerge: GENTOO_MIRRORS=http://linux.rz.ruhr-uni-bochum.de/download/ge ntoo-mirror/ http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ SYNC=rsync://rsync.europe.gentoo.org/gentoo-portage Maybe have I to do an emerge -uD ? because I do only emerge --update ? I don't think that's the problem. To my knowledge the -D means update related packages (it means deep). Try: emerge =category/gnupg-1.4.6 Replacing category with the correct category of course. Also look in /usr/portage/category/gnupg/ and see if there is a 1.4.6 ebuild hiding there. The download mirrors shouldnt matter - it would still try and *look* for 1.4.6 on them anyway. The RSYNC mirror shouldnt matter (I use the EU one too) but perhaps see if it is using the same mirror for rsync each time? David Note: These views are my own, advice is provided with no guarantee of success. I do not represent anyone else in any emails I send to this list. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Important security update for GnuPG!
qfpvajdy wrote: Maybe have I to do an emerge -uD ? because I do only emerge --update ? Yes. Or use glsa-check. Regards, T. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Important security update for GnuPG!
Nelson wrote: This is strange, I just made a emerge sync and then a emerge --update world. I have still version 1.4.5. I use x86 (no ~x86). [...] Maybe have I to do an emerge -uD ? because I do only emerge --update ? I don't think that's the problem. To my knowledge the -D means update related packages (it means deep). Half way right: in this case, gnupg-1.4.6 *is* a related package. If you have gnupg in world, and tell portage to --update world, it will update the highest slot version of gnupg, in this case 1.9. Only when you say --deep, it will go for the other slots, too, *if* something else still depends on them. See the original GLSAs for reference - the first GLSA used --update gnupg, the second corrected GLSA said --update =gnupg-1.4* or something equivalent (all from memory). Regards, T. -- gentoo-user@gentoo.org mailing list
