Re: Upgrade of mlpack in epel-7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Oct 30, 2023 at 11:10 PM Benson Muite <benson_muite@xxxxxxxxxxxxx> wrote:
On 10/30/23 16:37, Troy Dawson wrote:
> On Sun, Oct 29, 2023 at 10:35 AM Benson Muite
> <benson_muite@xxxxxxxxxxxxx <mailto:benson_muite@xxxxxxxxxxxxx>> wrote:
>
>     Would like to upgrade mlpack from 3.4.2 to 4.2.1
>     Version 3 is no longer maintained, and there do not seem to be
>     dependencies on mlpack, at least in Fedora. This is prompted by
>     CVE-2021-28021, CVE-2021-42715, CVE-2021-42716, and CVE-2022-28041
>     https://src.fedoraproject.org/rpms/mlpack/pull-request/12
>     <https://src.fedoraproject.org/rpms/mlpack/pull-request/12>
>
>
> Since this is for a CVE, that is good.
> Also, it looks like nothing depends on it, so that also makes things easier.
>
> Do you know of any features that were removed between version 3.x and 4.x?
> In short, if someone were actively using version 3.x of mlpack, do you
> know what they would need to change (if anything) to use the version 4.x?
>
The biggest change is that for development it became a header only
library that requires C++14.  Had not realized non breaking changes
should not be made, so the spec file is for version 4, but it does not
build and so version 3.4.2 is still shipped.  Can revert changes in git
history so that 3.4.2 is used, and update requirements on included stb
header files if that is allowed.

If that is possible, and it fixes the CVE's, that would be best.

If you find that it isn't possible, or it doesn't fix the CVE's, then an exception can be made.
Part of the exception process is to say what changes between the versions, so people are prepared.
Having the list of things that change is also good when bugs get opened, we can point them to that list.

Troy


_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Fedora Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Announce]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Linux Apps]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux