On Mon, Oct 30, 2023 at 11:10 PM Benson Muite <benson_muite@xxxxxxxxxxxxx> wrote:
On 10/30/23 16:37, Troy Dawson wrote:
> On Sun, Oct 29, 2023 at 10:35 AM Benson Muite
> <benson_muite@xxxxxxxxxxxxx> wrote:
>
> Would like to upgrade mlpack from 3.4.2 to 4.2.1
> Version 3 is no longer maintained, and there do not seem to be
> dependencies on mlpack, at least in Fedora. This is prompted by
> CVE-2021-28021, CVE-2021-42715, CVE-2021-42716, and CVE-2022-28041
> https://src.fedoraproject.org/rpms/mlpack/pull-request/12
>
> Since this is for a CVE, that is good.
> Also, it looks like nothing depends on it, so that also makes things easier.
>
> Do you know of any features that were removed between version 3.x and 4.x?
> In short, if someone were actively using version 3.x of mlpack, do you
> know what they would need to change (if anything) to use the version 4.x?
>
The biggest change is that for development it became a header-only
library that requires C++14. Had not realized non-breaking changes
should not be made, so the spec file is for version 4, but it does not
build and so version 3.4.2 is still shipped. Can revert changes in git
history so that 3.4.2 is used, and update requirements on included stb
header files if that is allowed.

If that is possible, and it fixes the CVEs, that would be best.
If you find that it isn't possible, or it doesn't fix the CVEs, then an exception can be made.
Part of the exception process is to say what changes between the versions, so people are prepared.
Having the list of things that change is also good when bugs get opened; we can point them to that list.

Troy