Mailinglist Archive: opensuse-security (409 mails)

< Previous Next >
Patch desription files for SuSe 7.1 cause double downloads
  • From: "Hemsley, Trevor" <Trevor.Hemsley@xxxxxxxxxxxxxx>
  • Date: Mon, 5 Aug 2002 10:36:37 +0100
  • Message-id: <C145E708A934D51186AB00805F85E45195769A@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Suse people

The patch description files that you have online for SuSE 7.1 are broken and
cause extra packages to be installed and also extra downloads to take place.
For example, the openssl file
~ftp/pub/suse/i386/update/7.1/patches/openssl-3652 contains three InstPath:
lines that tell it to patch sec1/openssl-0.9.6a-63, openssl-doc-0.9.6a-63
and openssl-devel-0.9.6a-63. YOU in SuSE 7.1 proceeds to apply all three of
these patches if the openssl.rpm is installed. If you only had openssl.rpm
installed before, you now also have openssl-doc.rpm and openssl-devel.rpm.
If you now run YOU a second time, it finds the patch description files
openssl-doc-1 and openssl-devel-1 in ~ftp/pub/suse/i386/update/7.1/patches
and checks their status in /var/lib/YaST/patches/i386/update/7.1/patches and
sees these files as *.new so then applies them again, redownloading the rpm
files for each one.

This is not just openssl that's affected by this, it's also apache,
apache-contrib, bind8, mod_php4 and possibly others as well.

This sort of "multiple files in one patch description file" thing works ok
on SuSE 7.3 from what I can see but on Suse 7.1 it does not.

Trevor Hemsley,
Security Specialist,
Atos Origin Ltd,
Whyteleafe,
+44-(0)1883-628139

[This electronic transmission and any files attached to it are strictly
confidential and intended solely for the addressee. If you are not the
intended addressee, you must not disclose, copy or take any action in
reliance of this transmission. If you have received this transmission in
error, please notify us by return and delete the same. The views expressed
in this electronic transmission do not necessarily reflect those of Atos
Origin or any of its subsidiary companies. Although the sender endeavours to
maintain a computer virus free network, the sender does not warrant that
this transmission is virus-free and will not be liable for any damages
resulting from any virus transmitted. Thank You.]



< Previous Next >
This Thread
  • No further messages