Would like to upgrade mlpack from 3.4.2 to 4.2.1 Version 3 is no longer maintained, and there do not seem to be dependencies on mlpack, at least in Fedora. This is prompted by CVE-2021-28021, CVE-2021-42715, CVE-2021-42716, and CVE-2022-28041 https://src.fedoraproject.org/rpms/mlpack/pull-request/12
On Sun, Oct 29, 2023 at 10:35 AM Benson Muite benson_muite@emailplus.org wrote:
Would like to upgrade mlpack from 3.4.2 to 4.2.1 Version 3 is no longer maintained, and there do not seem to be dependencies on mlpack, at least in Fedora. This is prompted by CVE-2021-28021, CVE-2021-42715, CVE-2021-42716, and CVE-2022-28041 https://src.fedoraproject.org/rpms/mlpack/pull-request/12
Since this is for a CVE, that is good. Also, it looks like nothing depends on it, so that also makes things easier.
Do you know of any features that were removed between version 3.x and 4.x? In short, if someone were actively using version 3.x of mlpack, do you know what they would need to change (if anything) to use the version 4.x?
Troy
On 10/30/23 16:37, Troy Dawson wrote:
On Sun, Oct 29, 2023 at 10:35 AM Benson Muite <benson_muite@emailplus.org mailto:benson_muite@emailplus.org> wrote:
Would like to upgrade mlpack from 3.4.2 to 4.2.1 Version 3 is no longer maintained, and there do not seem to be dependencies on mlpack, at least in Fedora. This is prompted by CVE-2021-28021, CVE-2021-42715, CVE-2021-42716, and CVE-2022-28041 https://src.fedoraproject.org/rpms/mlpack/pull-request/12 <https://src.fedoraproject.org/rpms/mlpack/pull-request/12>
Since this is for a CVE, that is good. Also, it looks like nothing depends on it, so that also makes things easier.
Do you know of any features that were removed between version 3.x and 4.x? In short, if someone were actively using version 3.x of mlpack, do you know what they would need to change (if anything) to use the version 4.x?
The biggest change is that for development it became a header only library that requires C++14. Had not realized non breaking changes should not be made, so the spec file is for version 4, but it does not build and so version 3.4.2 is still shipped. Can revert changes in git history so that 3.4.2 is used, and update requirements on included stb header files if that is allowed.
Troy
epel-devel mailing list -- epel-devel@lists.fedoraproject.org To unsubscribe send an email to epel-devel-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
On Mon, Oct 30, 2023 at 11:10 PM Benson Muite benson_muite@emailplus.org wrote:
On 10/30/23 16:37, Troy Dawson wrote:
On Sun, Oct 29, 2023 at 10:35 AM Benson Muite <benson_muite@emailplus.org mailto:benson_muite@emailplus.org> wrote:
Would like to upgrade mlpack from 3.4.2 to 4.2.1 Version 3 is no longer maintained, and there do not seem to be dependencies on mlpack, at least in Fedora. This is prompted by CVE-2021-28021, CVE-2021-42715, CVE-2021-42716, and CVE-2022-28041 https://src.fedoraproject.org/rpms/mlpack/pull-request/12 <https://src.fedoraproject.org/rpms/mlpack/pull-request/12>
Since this is for a CVE, that is good. Also, it looks like nothing depends on it, so that also makes things
easier.
Do you know of any features that were removed between version 3.x and
4.x?
In short, if someone were actively using version 3.x of mlpack, do you know what they would need to change (if anything) to use the version 4.x?
The biggest change is that for development it became a header only library that requires C++14. Had not realized non breaking changes should not be made, so the spec file is for version 4, but it does not build and so version 3.4.2 is still shipped. Can revert changes in git history so that 3.4.2 is used, and update requirements on included stb header files if that is allowed.
If that is possible, and it fixes the CVE's, that would be best.
If you find that it isn't possible, or it doesn't fix the CVE's, then an exception can be made. Part of the exception process is to say what changes between the versions, so people are prepared. Having the list of things that change is also good when bugs get opened, we can point them to that list.
Troy
epel-devel@lists.fedoraproject.org