Re: Security update packages don't recognized patched 4.3-RELEASE

From: Andrew Kenneth Milton (akm@theinternet.com.au)
Date: 08/31/01


Date: Fri, 31 Aug 2001 13:25:54 +1000
From: Andrew Kenneth Milton <akm@theinternet.com.au>
To: Kris Kennaway <kris@obsecurity.org>


+-------[ Kris Kennaway ]----------------------
| On Thu, Aug 30, 2001 at 10:28:55PM +0200, Blaz Zupan wrote:
| > I usually cvsup RELENG_4_3 to update our servers, but this time I wanted to
| > quickly patch the lpd hole by simply installing the update package.
| > Unfortunatelly it complains that it can only be installed on 4.3-RELEASE.
| > Well, I *am* running 4.3-RELEASE, but patched up to 4.3-RELEASE-p14. I believe
| > the +INSTALL script should support this, what do others think?
|
| It was a deliberate decision to only support 4.3-RELEASE, not
| arbitrary cvsup dates of RELENG_4_3 so we don't have to worry about
| possible weird package interactions with changes on that branch at
| some point. Basically, we expect that if you can cvsup once, you can
| cvsup twice :)

Do they work with arbitrary combinations of binary updates ?

Which is to say are they generated from 4.3-RELEASE or generated from
4.3-RELEASE + previous binary updates?

I'm not sure there would be any contention there, but, I can see how
it could lead to the same situation as cvsupping (given enough updates).

-- 
Totally Holistic Enterprises Internet|                      | Andrew Milton
The Internet (Aust) Pty Ltd          |                      |
ACN: 082 081 472 ABN: 83 082 081 472 |  M:+61 416 022 411   | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068    |akm@theinternet.com.au| 
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message