OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Rogier Krieger (rogier_at_virgiel.nl)
Date: Wed Oct 09 2002 - 13:16:13 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hi everyone,

    trying to upgrade my 1.6 box (i386) for a few recent security
    advisories (2002/19, 21, 22 and 23), I came accross a few problems.
    It seems everything now works, but I'd still like to check.

    It might be a good thing to, if this procedure is indeed the correct
    one, put this on some manual or documentation page. Perhaps it is my
    lack of expertise, but it might help others trying to follow up on
    security advisories. It took me quite some digging to get to the
    first three. Did I miss anything overly obvious? Need I add
    more items before I can succesfully process all patches?

    1. Obtain sources through CVS (using ssh):
            CVSROOT anoncvsanoncvs.netbsd.org:/cvsroot
            CVS_RSH ssh

            cd /usr
            cvs checkout -r netbsd-1-6 -PA src

    2. Make the object directories
            mkdir /usr/obj
            make obj

    3. Prepare the toolchain
            cd /usr/src
            ./build.sh -t

    4. Apply the instructions (updating CVS parts and make'ing them)

    In the advisories, I couldn't find a link to the initial three
    instructions. Need anything more be done to succesfully apply the
    advisory instructions? Updating talkd and rogue (from 2002/19 and 20)
    worked fine after building the toolchain, but I had problems with pic
    and smrsh. They both claimed to miss files, altough I explicitly did
    a [ make cleandir dependall ]. Doing a make in other directories
    (libsmutil for smrsh and libgroff for pic) seemed to do the trick.

    It seems odd that I do specific directory searching in order to be
    able to apply a patch. Did I misinterpret the 'dependall' part in the
    make command or are my troubles not due to my (lack of) actions?

    I'm sorry if the answers can easily be found in the documentation,
    but my search for this came up dry. I'd appreciate any insight.

    Cheers,

    Rogier Krieger

    Links to the relevant SA's:
    [
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-019.txt.as
    c ]
    [
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-021.txt.as
    c ]
    [
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-022.txt.as
    c ]
    [
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-023.txt.as
    c ] 

    --
"Eagles fly, but weasels don't get caught in jet engines..."