1 |
Calum writes: |
2 |
| |
3 |
| Brian G. Peterson wrote: |
4 |
| |
5 |
| > I subscribe to the GLSA RSS feed, and scan that feed manually against my |
6 |
| > installed software list. The glsa-check tool is basically useless (as of |
7 |
| |
8 |
| > gentoolkit-0.2.1_pre7), as it shows all GLSAs rather than just GLSAs for |
9 |
| > tools that correspond to packages installed on the system it is run on. |
10 |
| |
11 |
| I run glsa-check -l | grep '\[N\]' in a cron, and have the results |
12 |
| emailed to me at a central email address. |
13 |
|
14 |
Time for me to make a fool of myself ;). Ive been running |
15 |
|
16 |
|
17 |
| emerge -uD world -pv |
18 |
|
19 |
|
20 |
to look for updates and I was a little surprised at the following.... |
21 |
|
22 |
|
23 |
|
24 |
| # emerge -uD world -pv |
25 |
| |
26 |
| These are the packages that I would merge, in order: |
27 |
| |
28 |
| Calculating world dependencies ...done! |
29 |
| [ebuild U ] sys-devel/libperl-5.8.7 [5.8.6-r1] +berkdb -debug +gdbm -ithreads 9,608 kB |
30 |
| [ebuild U ] dev-lang/perl-5.8.7-r1 [5.8.6-r5] +berkdb -build -debug -doc +gdbm -ithreads -minimal -perlsuid 0 kB |
31 |
| |
32 |
| Total size of downloads: 9,608 kB |
33 |
|
34 |
|
35 |
Which doesnt list....... |
36 |
|
37 |
|
38 |
| # glsa-check -l |& grep '\[N\]' |
39 |
| [N] indicates that the system might be affected. |
40 |
| 200507-16 [N] dhcpcd: Denial of Service vulnerability ( net-misc/dhcpcd ) |
41 |
|
42 |
|
43 |
but if I check the package by directly it does need an update (and |
44 |
quite badly it seems)... |
45 |
|
46 |
|
47 |
| # emerge -pv dhcpcd |
48 |
| |
49 |
| These are the packages that I would merge, in order: |
50 |
| |
51 |
| Calculating dependencies ...done! |
52 |
| [ebuild U ] net-misc/dhcpcd-2.0.0 [1.3.22_p4-r5] -build -debug -static 119 kB |
53 |
| |
54 |
| Total size of downloads: 119 kB |
55 |
|
56 |
|
57 |
|
58 |
Huh? Have I just foolishly assumed that emerge world checks all packages? |
59 |
Is there some 'better' way to list all packages that need updates |
60 |
both security and normal (and I missed it)? |
61 |
|
62 |
I thought it might just have been me (running ppc64), but I notice my |
63 |
friends intel box has exactly the same problem, right down to the same |
64 |
version of dhcpcd. |
65 |
|
66 |
Ok, I just checked the security handbook and it only mentions |
67 |
glsa-check. Ok, its probably my bad... but shouldnt emerge world |
68 |
merge security updates too? |
69 |
|
70 |
|
71 |
cheers, |
72 |
cam |
73 |
|
74 |
|
75 |
-- |
76 |
/ `Rev Dr' cam at darkqueen.org Roleplaying, virtual goth \ |
77 |
< http://darkqueen.org Poly, *nix, Python, C/C++, genetics, ATM > |
78 |
\ [+61 3] 9809 1523[h] skeptic, Evil GM(tm). Sysadmin for hire / |
79 |
---------- Random Quote ---------- |
80 |
Excellent day for drinking heavily. Spike the office water cooler. |
81 |
-- |
82 |
gentoo-security@g.o mailing list |