View previous topic :: View next topic |
Author |
Message |
redblade7 Tux's lil' helper
Joined: 11 Jan 2018 Posts: 106
|
Posted: Tue Jun 25, 2024 11:35 pm Post subject: Question about GURU's dev-ml/ollama |
|
|
Hi,
Recently dev-ml/ollama was added to the GURU repository. Today I heard of a serious security bug in the news with ollama, fixed in version 0.1.34. But the dev-ml/ollama is version "9999" and running "ollama --version" reports version number "0.0.0" Does anyone know anything about this ebuild or what version it is, or whether the security bug will be fixed?
Thank you! |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22673
|
Posted: Wed Jun 26, 2024 12:21 am Post subject: |
|
|
Normally, a version -9999 ebuild is whatever was current in master at the moment you built it. Therefore, whether it includes the fix of interest depends on whether that fix was in master when you last built that version.
The internally reported version of 0.0.0 is probably because the upstream project does not maintain a proper version number in source control, and instead patches that in as part of the release process. If so, the reported version is meaningless.
I cannot comment on when or if the upstream project will fix the bug. Since you did not link to any of the news, I do not know what security bug you mean. |
|
Back to top |
|
|
redblade7 Tux's lil' helper
Joined: 11 Jan 2018 Posts: 106
|
Posted: Wed Jun 26, 2024 1:05 am Post subject: |
|
|
Hu wrote: | Normally, a version -9999 ebuild is whatever was current in master at the moment you built it. Therefore, whether it includes the fix of interest depends on whether that fix was in master when you last built that version.
The internally reported version of 0.0.0 is probably because the upstream project does not maintain a proper version number in source control, and instead patches that in as part of the release process. If so, the reported version is meaningless.
I cannot comment on when or if the upstream project will fix the bug. Since you did not link to any of the news, I do not know what security bug you mean. |
https://www.theregister.com/2024/06/24/rce_ollama_wiz/ |
|
Back to top |
|
|
Banana Moderator
Joined: 21 May 2004 Posts: 1737 Location: Germany
|
|
Back to top |
|
|
eugene-bright n00b
Joined: 23 Sep 2018 Posts: 2
|
Posted: Thu Jun 27, 2024 5:15 pm Post subject: Re: Question about GURU's dev-ml/ollama |
|
|
redblade7 wrote: |
"ollama --version" reports version number "0.0.0"
|
Here is the ebuild fix, the version will be reported correctly as soon as it's accepted (for the new builds of course)
https://github.com/gentoo/guru/pull/205 |
|
Back to top |
|
|
|