errata 001_perl.patch


errata 001_perl.patch

Joerg Streckfuss
hi list.

last night i patched my openbsd-3.8
soekris-box. Everything went fine.
I've got another box for firewalling with
512MB-flash standard setup, but without any
compiler-suite installed. Of course i want to patch this
box as soon as possible. should i copy the complete
perl-files to this box? or is there a smarter way
to have an upgraded system?

Regards,

Joerg.


--
Dipl.-Ing. Joerg Streckfuss
fon:    +49 40 - 41 11 66 86
cell:   +49 179 - 49 88 51 0
mail:   [hidden email]


Re: errata 001_perl.patch

Eric Pancer
On Thu, 2006-01-12 at 21:15:37 +0100, Joerg Streckfuss proclaimed...

> last night i patched my openbsd-3.8
> soekris-box. Everything went fine.
> I've got another box for firewalling with
> 512MB-flash standard setup, but without any
> compiler-suite installed. Of course i want to patch this
> box as soon as possible. should i copy the complete
> perl-files to this box? or is there a smarter way
> to have an upgraded system?

Why don't you just rsync from the trusted build machine?

Maybe /usr/bin and /usr/lib and anything else that changed.


Re: errata 001_perl.patch

Han Boetes
In reply to this post by Joerg Streckfuss
I doubt you need perl at all on a box like that. You can also
consider to simply remove all the perl on that system.


# Han


Re: errata 001_perl.patch

Joachim Schipper
In reply to this post by Joerg Streckfuss
On Thu, Jan 12, 2006 at 09:15:37PM +0100, Joerg Streckfuss wrote:

> hi list.
>
> last night i patched my openbsd-3.8
> soekris-box. Everything went fine.
> I've got another box for firewalling with
> 512MB-flash standard setup, but without any
> compiler-suite installed. Of course i want to patch this
> box as soon as possible. should i copy the complete
> perl-files to this box? or is there a smarter way
> to have an upgraded system?

See release(8)? It will yield you a base38.tgz which you can untar
anywhere. Don't forget the -p switch when using it to upgrade the base
system, though.

                Joachim


Re: errata 001_perl.patch

Clint M. Sand
In reply to this post by Han Boetes
On Thu, Jan 12, 2006 at 09:38:07PM +0100, Han Boetes wrote:
> I doubt you need perl at all on a box like that. You can also
> consider to simply remove all the perl on that system.
>
>
> # Han

The pkg_* tools are perl. Even though it's a firewall he may need to
install/remove/maintain pkg's of some sort.


Re: errata 001_perl.patch

Randal L. Schwartz
>>>>> "Clint" == Clint M Sand <[hidden email]> writes:

Clint> On Thu, Jan 12, 2006 at 09:38:07PM +0100, Han Boetes wrote:
>> I doubt you need perl at all on a box like that. You can also
>> consider to simply remove all the perl on that system.
>>
>>
>> # Han

Clint> The pkg_* tools are perl. Even though it's a firewall he may need to
Clint> install/remove/maintain pkg's of some sort.

If it's the bug I'm thinking of (the sprintf issue), only the /usr/bin/perl
binary is affected.  You can probably get away with copying only that.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[hidden email]> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
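
One way to carry out the copy suggested in the replies above (rsync from a trusted build machine, or copying only /usr/bin/perl) with an integrity check on the compiler-less target. This is an added example, not part of any poster's message; the function names, the manifest format and the staging-directory layout are assumptions.

```shell
#!/bin/sh
# Added example: verify files copied from a build host against a SHA-256
# manifest before installing them. Function names and layout are hypothetical.

# Print the SHA-256 of a file with whichever tool this system provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# Build host: emit "<hash>  <relative path>" for each rebuilt file.
# usage: make_manifest ROOT FILE...
make_manifest() {
    root=$1; shift
    for f in "$@"; do
        printf '%s  %s\n' "$(sha256_of "$root/$f")" "$f"
    done
}

# Target: check every staged file first; install nothing if any check fails.
# usage: verify_and_install MANIFEST STAGE_DIR DEST_ROOT
verify_and_install() {
    manifest=$1; stage=$2; dest=$3
    while read -r want path; do
        [ -f "$stage/$path" ] || { echo "missing: $path" >&2; return 1; }
        got=$(sha256_of "$stage/$path")
        [ "$got" = "$want" ] || { echo "mismatch: $path" >&2; return 1; }
    done < "$manifest"
    while read -r want path; do
        mkdir -p "$dest/$(dirname "$path")"
        # cp -p keeps mode and timestamps; the rename swaps the file in one step.
        cp -p "$stage/$path" "$dest/$path.new" &&
            mv -f "$dest/$path.new" "$dest/$path" || return 1
    done < "$manifest"
}
```

The manifest should reach the target over a channel separate from the files themselves, so that a file altered in transit cannot arrive with a matching hash.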


Re: errata 001_perl.patch

Han Boetes
In reply to this post by Clint M. Sand
Clint M. Sand wrote:
> On Thu, Jan 12, 2006 at 09:38:07PM +0100, Han Boetes wrote:
> > I doubt you need perl at all on a box like that. You can also
> > consider to simply remove all the perl on that system.
>
> The pkg_* tools are perl. Even though it's a firewall he may need
> to install/remove/maintain pkg's of some sort.

Ever seen the contents of a package? You don't need perl for
maintaining that. Just a simple script can do the removing and
adding of packages.



# Han


Re: errata 001_perl.patch

Diana Eichert
In reply to this post by Randal L. Schwartz
On Thu, 12 Jan 2006, Randal L. Schwartz wrote:
SNIP
> Clint> The pkg_* tools are perl. Even though it's a firewall he may need to
> Clint> install/remove/maintain pkg's of some sort.
>
> If it's the bug I'm thinking of (the sprintf issue), only the /usr/bin/perl
> binary is affected.  You can probably get away with copying only that.

I figured you might have some input on this, since you've been active in
the Perl community for quite some time.

Did you ever get your PF/OpenVPN issue resolved?

diana


Re: errata 001_perl.patch

Ted Unangst-2
In reply to this post by Clint M. Sand
if you're installing a package that's going to exploit a bug in perl,
why are you installing it?

On 1/12/06, Clint M. Sand <[hidden email]> wrote:
> On Thu, Jan 12, 2006 at 09:38:07PM +0100, Han Boetes wrote:
> > I doubt you need perl at all on a box like that. You can also
> > consider to simply remove all the perl on that system.
> >
> >
> > # Han
>
> The pkg_* tools are perl. Even though it's a firewall he may need to
> install/remove/maintain pkg's of some sort.


Re: errata 001_perl.patch

Gerardo Santana Gómez Garrido
In reply to this post by Joerg Streckfuss
2006/1/12, Joerg Streckfuss <[hidden email]>:

> hi list.
>
> last night i patched my openbsd-3.8
> soekris-box. Everything went fine.
> I've got another box for firewalling with
> 512MB-flash standard setup, but without any
> compiler-suite installed. Of course i want to patch this
> box as soon as possible. should i copy the complete
> perl-files to this box? or is there a smarter way
> to have an upgraded system?


http://binpatch.openbsd.org.mx/

*if* you trust me.

--
Gerardo Santana
"Between individuals, as between nations, respect for the rights of
others is peace" - Don Benito Juarez
http://santanatechnotes.blogspot.com/


Re: errata 001_perl.patch

Randal L. Schwartz
In reply to this post by Diana Eichert
>>>>> "Diana" == Diana Eichert <[hidden email]> writes:

Diana> Did you ever get your PF/OpenVPN issue resolved?

Commenting out the only line related to OpenVPN still fails to load
it, and I didn't yet have an opportunity to put stdout/stderr capture
on the /etc/rc load.  Oddly enough, I copied those same lines
to the end of my /etc/rc.local, and it works fine, so I'm not worried
for now, just puzzled.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[hidden email]> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!


Re: errata 001_perl.patch

Eric Pancer
In reply to this post by Ted Unangst-2
On Thu, 2006-01-12 at 16:13:23 -0800, Ted Unangst proclaimed...

> if you're installing a package that's going to exploit a bug in perl,
> why are you installing it?

So are you advocating that people not patch, or not install packages?


Re: errata 001_perl.patch

Clint M. Sand
In reply to this post by Ted Unangst-2
On Thu, Jan 12, 2006 at 04:13:23PM -0800, Ted Unangst wrote:
> if you're installing a package that's going to exploit a bug in perl,
> why are you installing it?
>

my point is that if you want to install packages at all you need the
perl binary. That is in response to someone suggesting you do not need
perl at all.

I think you are misinterpreting.

> On 1/12/06, Clint M. Sand <[hidden email]> wrote:
> > On Thu, Jan 12, 2006 at 09:38:07PM +0100, Han Boetes wrote:
> > > I doubt you need perl at all on a box like that. You can also
> > > consider to simply remove all the perl on that system.
> > >
> > >
> > > # Han
> >
> > The pkg_* tools are perl. Even though it's a firewall he may need to
> > install/remove/maintain pkg's of some sort.


Re: errata 001_perl.patch

Stuart Henderson
In reply to this post by Eric Pancer
On 2006/01/12 19:10, eric wrote:
> On Thu, 2006-01-12 at 16:13:23 -0800, Ted Unangst proclaimed...
> > if you're installing a package that's going to exploit a bug in perl,
> > why are you installing it?
>
> So are you advocating that people not patch, or not install packages?

Look at the situation and decide if the bug will affect you.
On a box with only trusted+clueful users, with some patches you might
decide there's no problem with waiting for the next binary release.


Re: errata 001_perl.patch

Ted Unangst-2
In reply to this post by Eric Pancer
On 1/12/06, eric <[hidden email]> wrote:
> On Thu, 2006-01-12 at 16:13:23 -0800, Ted Unangst proclaimed...
>
> > if you're installing a package that's going to exploit a bug in perl,
> > why are you installing it?
>
> So are you advocating that people not patch, or not install packages?

i am advocating that people assess their exposure, their risk
tolerance, the difficulty of patching, and the impact of possible
workarounds, and then decide on an appropriate course of action.


Re: errata 001_perl.patch

Eric Pancer
In reply to this post by Stuart Henderson
On Fri, 2006-01-13 at 01:39:23 +0000, Stuart Henderson proclaimed...

> Look at the situation and decide if the bug will affect you.
> On a box with only trusted+clueful users, with some patches you might
> decide there's no problem with waiting for the next binary release.

Thanks, but the question wasn't directed towards you.


Re: errata 001_perl.patch

Marc Espie-2
In reply to this post by Han Boetes
On Fri, Jan 13, 2006 at 12:47:51AM +0059, Han Boetes wrote:

> Clint M. Sand wrote:
> > On Thu, Jan 12, 2006 at 09:38:07PM +0100, Han Boetes wrote:
> > > I doubt you need perl at all on a box like that. You can also
> > > consider to simply remove all the perl on that system.
> >
> > The pkg_* tools are perl. Even though it's a firewall he may need
> > to install/remove/maintain pkg's of some sort.
>
> Ever seen the contents of a package? You don't need perl for
> maintaining that. Just a simple script can do the removing and
> adding of packages.
>

Oh sure, and 200K of perl code say otherwise.

I don't think you have a real idea what these tools do these days.
There have been lots of small additions and changes.

The devil is in the details as they say.

Good luck writing correct tools without perl.


Re: errata 001_perl.patch

z0mbix
On 1/13/06, Marc Espie <[hidden email]> wrote:

>
> On Fri, Jan 13, 2006 at 12:47:51AM +0059, Han Boetes wrote:
> > Clint M. Sand wrote:
> > > On Thu, Jan 12, 2006 at 09:38:07PM +0100, Han Boetes wrote:
> > > > I doubt you need perl at all on a box like that. You can also
> > > > consider to simply remove all the perl on that system.
> > >
> > > The pkg_* tools are perl. Even though it's a firewall he may need
> > > to install/remove/maintain pkg's of some sort.
> >
> > Ever seen the contents of a package? You don't need perl for
> > maintaining that. Just a simple script can do the removing and
> > adding of packages.
> >
>
> Oh sure, and 200K of perl code say otherwise.
>
> I don't think you have a real idea what these tools do these days.
> There have been lots of small additions and changes.
>
> The devil is in the details as they say.
>
> Good luck writing correct tools without perl.
>
>
As mentioned above, you can use binpatch:

http://openbsdbinpatch.sourceforge.net/

I've had a wrap for a few months and this is the first time I've needed to
patch it, so I used binpatch on my main server to create a patch and
installed it very easily on the wrap. I also did the same with the 002_fd
patch.

Cheers z0mbix