Mailinglist Archive: opensuse-security (32 mails)

< Previous Next >
[opensuse-security] [11.1] Wireshark security update has a strange version number
  • From: Manfred Hollstein <manfred@xxxxxxxxxxxxxxxxx>
  • Date: Tue, 13 Jan 2009 10:10:49 +0100
  • Message-id: <20090113091049.GD6671@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Hi there,

I stumbled across this because I'm used to use apt-get for installing
and updating packages. With a default configuration (just the RPMs from
the DVD9 media linked into one RPMS.oss directory and the OS-11.1
updates repository as another installation source), it offers me to
"update" the wireshark package.

What's strange with this is, that this security update has version


while the original one from the installation DVD has version


So, I could work-around this by creating an entry in
/etc/apt/preferences (similar to zypper's priority and locks
mechanisms), but to me this sounds wrong. Shouldn't have an update
package _always_ have a version number than its preceeding package, i.e.
the one that the update should replace?!?! FWIW, I extracted both RPMs
and compared the resulting directories, and there are indeed

# diff -rcp wireshark-1.0.4-2.1 wireshark-1.0.4-2.5
Files wireshark-1.0.4-2.1/usr/lib/ and
wireshark-1.0.4-2.5/usr/lib/ differ
Files wireshark-1.0.4-2.1/usr/lib/ and
wireshark-1.0.4-2.5/usr/lib/ differ
Files wireshark-1.0.4-2.1/usr/share/man/man1/wireshark.1.gz and
wireshark-1.0.4-2.5/usr/share/man/man1/wireshark.1.gz differ
Files wireshark-1.0.4-2.1/usr/share/man/man4/wireshark-filter.4.gz and
wireshark-1.0.4-2.5/usr/share/man/man4/wireshark-filter.4.gz differ

Don't get me wrong, I'm not arguing that apt-get is better than zypper
(in fact, zypper is much better than apt-get in the meantime, but
there's a lot of legacy repositories I have created myself... and as
long I'm still using older SUSE versions like SLES 10, openSUSE 10.3,
there's not really an option to switch over to zypper completely yet),
but shouldn't the build service ensure, that an updated package will get
a monotonously increasing version number? And, shouldn't this "wireshark
security update" be re-built with a proper version number?

BTW, why have glibc and glibc-devel differing version numbers on i586
and i686? These are the packages on the DVD:


This would lead to an "update" for glibc using apt-get as well...
Architectural "compatible" packages should have identical version
numbers, shouldn't they?

TIA, cheers.

< Previous Next >
Follow Ups