[9016] in bugtraq
Re: "solaris 7" name change consequences
daemon@ATHENA.MIT.EDU (//Stany)
Sat Jan 9 17:31:11 1999
Date: Sat, 9 Jan 1999 03:36:20 -0500
Reply-To: //Stany <stany@PET.NOTBSD.ORG>
From: //Stany <stany@PET.NOTBSD.ORG>
X-To: rick pim <rick@POST.QUEENSU.CA>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199901081533.KAA06252@post.queensu.ca>
On Fri, 8 Jan 1999, rick pim wrote:
> john riddoch mentioned sun's "patchdiag". i took a fast look at that
> and found that
> - it's not available in source
> - it's over a megabyte in size (even after throwing away the redundant
> copy of its own tar file that sun kindly includes in the kit)
> - it can produce misleading results: on my just-installed 5.7 system, it
> tells me:
> Patch Ins Lat Age Require Incomp Synopsis
> ID Rev Rev ID ID
> ------ --- --- --- --------- --------- ----------------------------------
> All security patches installed!
> when there are at least two that are outstanding. i don't know that
> this is at all related to the "version number" issue, but it's
> not a particularly good sign.
At first I have thought that you are getting this error because you are
having a stale crossreference file. Every time Sun have released a patch
(for all practical purposes daily) the patchdiag.xref file is updated and
by the end of the day made available on the ftp sites. Unfortunally there
/is/ a problem with SunOS 5.7, as even though there have been a number of
patches released for it, including a kernel upgrade, patchdiag doesn't
pick it up.
My script that I invoke to run patchdiag is the following:
--->
#!/bin/bash
if [ -f ./patchdiag.xref ]; then
mv patchdiag.xref patchdiag.xref.
fi
wget ftp://sunsolve1.sun.com/pub/patches/patchdiag.xref
./patchdiag | less
<---
Which, assuming that you have less and wget (both are GNU tools),
essentially downloads the latest crossreference file and runs patchdiag
against it (the file have to be present in the same place where you have
told patchdiag on install it is). Crossreference files are conviniently
dated, so you can always see if your data is up to date:
[snip]
System Name: zerkalo.notbsd.org SunOS Vers: 5.6 Arch: sparc
Cross Reference File Date: 07/Jan/99
PatchDiag Version: 1.0.1
[snip]
Now running this on a SunOS 5.7 host will tell me that my patches are in
fact all up to date. However, if I am to do a full patch audit, by using
patchdiag -l, it will show me that in fact there are plenty of patches
not installed.
Among other cool options that patchdiag can do is ability to do a
diagnostics of a different system, as long as the OS and arch the other
system runs is known, and output of showrev -p and, pkginfo -l is
available:
stany@zerkalo:/opt/patchdiag-1.0.1[19]$ ssh stany@asmodean.notbsd.org showrev -p >/tmp/showrev_2.7.txt
stany@zerkalo:/opt/patchdiag-1.0.1[19]$ ssh stany@asmodean.notbsd.org pkgadd -l >/tmp/pkgadd_2.7.txt
stany@zerkalo:/opt/patchdiag-1.0.1[20]$ ./patchdiag -p /tmp/pkgadd_2.7.txt /tmp/showrev_2.7.txt 5.7 sparc asmodean.notbsd.org
[snip]
OTHER RELATED UNINSTALLED PATCHES
NOTE: This is determined by the packages that have been
installed on the system.
When one patch refers to multiple packages, we list the
additional packages in the next lines.
The various 'S','R','*' marks denote unbundled packages
that is designated as an 'Security' or 'Recommended'.
S = Security
R = Recommened Unbundled
* = Both Security and Recommended Unbundled
Patch Package Latest Synopsis
ID Name Revision
------ - --------- -----------------------------------------------------------------
106147 SUNWxilvl 01 SunOS 5.7: VIS/XIL Graphics Patch
106541 SUNWcar 01 SunOS 5.7: kernel update patch
SUNWcpr
SUNWcsr
SUNWhea
106793 * SUNWcsu 01 SunOS 5.7: ufsdump and ufsrestore patch
SUNWhea
106812 SUNWplow1 04 SunOS 5.7: ctl print utility patch
106832 SUNWcsr 01 SunOS 5.7: auditreduce/c2audit/praudit patch
SUNWcsu
SUNWhea
106879 SUNWpmowu 01 Power_Mgmt-SW 7: sys-suspend patch
106934 SUNWdtbas 01 CDE 1.3: libDtSvc Patch
106938 SUNWcsl 01 SunOS 5.7: libresolv patch
106960 R SUNWman 01 SunOS 5.7: Manual Pages for patchadd.1m and patchrm.1m
106963 SUNWcsr 01 SunOS 5.7: /kernel/drv/esp and /kernel/drv/sparcv9/esp patch
[snip the rest of the output. There are plenty more patches...]
Yes, the kernel patch is in there, together with all the other
"Security and Recommended unbundled" patches
Best of luck. Hope it helps in keeping your systems up to date.
//Stany
P.S. A note of warning - it is really worth-while to find out what
patches do before you add them.
--
+-----------------------------------------------------------------------------+
| Stanislav N. Vardomskiy - Procurator Odiosus Ex Infernis[TM] |
| This message is brought to you by letters jey, ow, el and tee. |
| Jolt! For all the sugar and twice the caffeine. |
+-----------------------------------------------------------------------------+