Calum writes: | | Brian G. Peterson wrote: | | > I subscribe to the GLSA RSS feed, and scan that feed manually against my | > installed software list. The glsa-check tool is basically useless (as of | | > gentoolkit-0.2.1_pre7), as it shows all GLSAs rather than just GLSAs for | > tools that correspond to packages installed on the system it is run on. | | I run glsa-check -l | grep '\[N\]' in a cron, and have the results | emailed to me at a central email address.
Time for me to make a fool of myself ;). Ive been running | emerge -uD world -pv to look for updates and I was a little surprised at the following.... | # emerge -uD world -pv | | These are the packages that I would merge, in order: | | Calculating world dependencies ...done! | [ebuild U ] sys-devel/libperl-5.8.7 [5.8.6-r1] +berkdb -debug +gdbm -ithreads 9,608 kB | [ebuild U ] dev-lang/perl-5.8.7-r1 [5.8.6-r5] +berkdb -build -debug -doc +gdbm -ithreads -minimal -perlsuid 0 kB | | Total size of downloads: 9,608 kB Which doesnt list....... | # glsa-check -l |& grep '\[N\]' | [N] indicates that the system might be affected. | 200507-16 [N] dhcpcd: Denial of Service vulnerability ( net-misc/dhcpcd ) but if I check the package by directly it does need an update (and quite badly it seems)... | # emerge -pv dhcpcd | | These are the packages that I would merge, in order: | | Calculating dependencies ...done! | [ebuild U ] net-misc/dhcpcd-2.0.0 [1.3.22_p4-r5] -build -debug -static 119 kB | | Total size of downloads: 119 kB Huh? Have I just foolishly assumed that emerge world checks all packages? Is there some 'better' way to list all packages that need updates both security and normal (and I missed it)? I thought it might just have been me (running ppc64), but I notice my friends intel box has exactly the same problem, right down to the same version of dhcpcd. Ok, I just checked the security handbook and it only mentions glsa-check. Ok, its probably my bad... but shouldnt emerge world merge security updates too? cheers, cam -- / `Rev Dr' cam at darkqueen.org Roleplaying, virtual goth \ < http://darkqueen.org Poly, *nix, Python, C/C++, genetics, ATM > \ [+61 3] 9809 1523[h] skeptic, Evil GM(tm). Sysadmin for hire / ---------- Random Quote ---------- Excellent day for drinking heavily. Spike the office water cooler. -- [email protected] mailing list
