On 05/06/2011 04:08 PM, opensuse-security@opensuse.org wrote:
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
openSUSE 11.4:
zypper in -t patch libzip-devel-4188
openSUSE 11.3:
zypper in -t patch libzip-devel-4188
openSUSE 11.2:
zypper in -t patch libzip-devel-4188
To bring your system up-to-date, use "zypper patch".
toganm@desktop:~> sudo zypper patch Loading repository data... Reading installed packages... Resolving package dependencies...
The following NEW patch is going to be installed: libzip-devel
The following package is going to be upgraded: libzip1
1 package to upgrade. Overall download size: 21.0 KiB. No additional space will be used or freed after the operation. Continue? [y/n/?] (y):
Why would it be needed to install the libzip-devel file when it is not installed in the system ? Aren't -devel packages needen for packaging but not ordinary use ?
toganm@desktop:~> rpm -q libzip-devel package libzip-devel is not installed
Thanks
Togan
On Fri, May 06, 2011 at 05:13:50PM +0200, Togan Muftuoglu wrote:
On 05/06/2011 04:08 PM, opensuse-security@opensuse.org wrote:
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
openSUSE 11.4:
zypper in -t patch libzip-devel-4188
openSUSE 11.3:
zypper in -t patch libzip-devel-4188
openSUSE 11.2:
zypper in -t patch libzip-devel-4188
To bring your system up-to-date, use "zypper patch".
toganm@desktop:~> sudo zypper patch Loading repository data... Reading installed packages... Resolving package dependencies...
The following NEW patch is going to be installed: libzip-devel
The following package is going to be upgraded: libzip1
1 package to upgrade. Overall download size: 21.0 KiB. No additional space will be used or freed after the operation. Continue? [y/n/?] (y):
Why would it be needed to install the libzip-devel file when it is not installed in the system ? Aren't -devel packages needen for packaging but not ordinary use ?
toganm@desktop:~> rpm -q libzip-devel package libzip-devel is not installed
It is the patchname, not the packagename, as libzip-devel is alphabetically before libzip1. (and the patchname is usually the first alphabetical package from the packagelist within the patch).
Ciao, Marcus
On 05/06/2011 05:17 PM, Marcus Meissner wrote:
It is the patchname, not the packagename, as libzip-devel is alphabetically before libzip1. (and the patchname is usually the first alphabetical package from the packagelist within the patch).
Ooops my bad. Sorry for the wrong alarm, guess need to get an eye test sooner than expected.
Thanks
Togan
On Fri, 6 May 2011 17:17:32 +0200 Marcus Meissner meissner@suse.de wrote:
It is the patchname, not the packagename, as libzip-devel is alphabetically before libzip1. (and the patchname is usually the first alphabetical package from the packagelist within the patch).
which very often makes for the worst possible patch names.
Why can't this algorithm just skip *devel packages when creating the patch name? It's very seldom the devel package which has the security problem after all.
-
Marcus Meissner -
Stefan Seyfried -
Togan Muftuoglu