Bug 6674 - Mesa: fix for different version tainted/core, CVE-2012-2864 fix pending...
Summary: Mesa: fix for different version tainted/core, CVE-2012-2864 fix pending...
Status: RESOLVED DUPLICATE of bug 7381
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 2
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact:
URL: http://www.mesa3d.org/relnotes-8.0.3....
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-07-03 19:54 CEST by Hans Micheelsen
Modified: 2012-09-07 21:27 CEST (History)
11 users (show)

See Also:
Source RPM: mesa-8.0.2-2.mga2.src.rpm
CVE:
Status comment:


Attachments

Description Hans Micheelsen 2012-07-03 19:54:18 CEST
Description of problem:
The version of mesa in mga is 8.0.2. Bug fix release 8.0.3 is available. 
Release notes: http://www.mesa3d.org/relnotes-8.0.3.html


Version-Release number of selected component (if applicable):
Version 8.0.2 to be updated to version 8.0.3
Comment 1 Manuel Hiebel 2012-07-03 22:30:00 CEST
Please commiter, note that we have 
8.0.2-2.mga2 in core, and  8.0-1.mga2.tainted in tainted so we need anyway an update for fix that ihmo

CC: (none) => anssi.hannula, dmorganec, fundawang, mageia, pterjan, thierry.vignaud, tmb

Comment 2 Simon Putt 2012-07-06 20:24:48 CEST
Yes I noticed there is conflicting versions of mesa and mesa-tainted. And I second an update to this new 8.0.3 version. thanks

Simon/Lemonzest

CC: (none) => lemonzest

Helge Hielscher 2012-07-23 16:50:10 CEST

CC: (none) => hhielscher

Manuel Hiebel 2012-08-05 00:48:39 CEST

Summary: Update request: Bug fix release of mesa available => Update request: Bug fix release of mesa available (fix for different version tainted/core)

Comment 3 Simon Putt 2012-08-05 01:09:53 CEST
8.0.4 is out now
Thierry Vignaud 2012-08-13 11:50:21 CEST

Keywords: (none) => Junior_job

Comment 4 Hans Micheelsen 2012-08-14 07:43:59 CEST
Why is mesa in tainted? Do we have a list of IP-issues?
Comment 5 Thierry Vignaud 2012-08-14 08:52:14 CEST
Just look at its description, it's explained.
It's mainly about compressed textures which use S3TC format which is patented.
Hence it's not done in mesa but in txc-dxtn library which in tainted.

The tainted build of mesa just pull this library in order to enable support for compressed textures.
Comment 6 Simon Putt 2012-08-14 12:16:59 CEST
Tainted has float buffer support, s3tc seems to be in the non-tainted build (using it with lib64xtc and its working fine), float textures are a requirement for opengl 3.0 + and is patented :(
Comment 7 Hans Micheelsen 2012-08-14 16:20:43 CEST
So there is a need for a tainted version. At least for the next 20 years.
But still those two versions should be of the same version. Is there any reason for them not to be of the same version?
Comment 8 Thierry Vignaud 2012-08-14 16:45:09 CEST
No. The one who updated it last forgot to do it.
Anyway, anybody can push the mesa-8.0.4 into */update_testing
Comment 9 Thomas Backlund 2012-08-23 16:38:17 CEST
there is also a CVE-2012-2864 being discussed upstream:
http://www.mail-archive.com/mesa-dev@lists.freedesktop.org/msg25207.html


https://bugzilla.redhat.com/show_bug.cgi?id=851006

Keywords: Junior_job => (none)
Component: RPM Packages => Security
Summary: Update request: Bug fix release of mesa available (fix for different version tainted/core) => Update request: Bug fix release of mesa available (fix for different version tainted/core), CVE-2012-2864 fix pending...

Comment 10 Anderson Carvalho 2012-09-01 20:37:02 CEST
I need update for my tainted mesa version to Mageia 2 x86_64, because some features chromium-browser don't work with the core version.

CC: (none) => frateraec

Comment 11 Thierry Vignaud 2012-09-07 09:52:25 CEST
I've uploaded 8.0.4 to both core & tainted's updates_testing
Thierry Vignaud 2012-09-07 09:54:19 CEST

Blocks: (none) => 7381

Comment 12 Anderson Carvalho 2012-09-07 12:41:23 CEST
I installed 8.0.4 tainted for test! Mageia 2 x86_64
David Walser 2012-09-07 13:31:15 CEST

Blocks: 7381 => (none)

Comment 13 David Walser 2012-09-07 13:33:46 CEST
This bug is a mix of several different issues.

The update for Mageia 2 is now in Bug 7381.

We'll leave this bug for the issues in Cauldron.

CC: (none) => luigiwalser
Version: 2 => Cauldron
Summary: Update request: Bug fix release of mesa available (fix for different version tainted/core), CVE-2012-2864 fix pending... => Mesa: fix for different version tainted/core, CVE-2012-2864 fix pending...

Comment 14 Thomas Backlund 2012-09-07 13:47:09 CEST
(In reply to comment #13)
> This bug is a mix of several different issues.
> 
> The update for Mageia 2 is now in Bug 7381.
> 
> We'll leave this bug for the issues in Cauldron.

This one has _nothing_ what so ever to do with Cauldron,
it ia a Mga2 only issue (including the CVE), was tracked
and will be resolved with the mesa update goining out...

Version: Cauldron => 2
Depends on: (none) => 7381

Comment 15 David Walser 2012-09-07 13:50:34 CEST
(In reply to comment #14)
> (In reply to comment #13)
> > This bug is a mix of several different issues.
> > 
> > The update for Mageia 2 is now in Bug 7381.
> > 
> > We'll leave this bug for the issues in Cauldron.
> 
> This one has _nothing_ what so ever to do with Cauldron,
> it ia a Mga2 only issue (including the CVE), was tracked
> and will be resolved with the mesa update goining out...

Just goes to show how confusing this bug is.  I thought it said the core/tainted version mismatch also affected Cauldron.  I don't believe the CVE is fixed in Cauldron, but if you don't want a bug for that, then this is just a duplicate now.

*** This bug has been marked as a duplicate of bug 7381 ***

Status: NEW => RESOLVED
Depends on: 7381 => (none)
Resolution: (none) => DUPLICATE

Comment 16 Thomas Backlund 2012-09-07 21:27:08 CEST
(In reply to comment #15)
 
> Just goes to show how confusing this bug is.  I thought it said the
> core/tainted version mismatch also affected Cauldron.  

Well, a cauldron only mismatch is usually detected pretty fast, and
will simply be re-submitted when needed...


> I don't believe the CVE
> is fixed in Cauldron, but if you don't want a bug for that, then this is just a
> duplicate now.
> 

It's fixed in the current snapshot waiting to be built:

mesa-9.0.0-0.git20120906.1.mga3

Note You need to log in before you can comment on or make changes to this bug.