Re: [pca] Quarterly CPU and the xref
Craig Bell wrote: Q: How do I prove that I applied fixes for all vulnerabilities mentioned in the CPU? Is it reasonable to expect transparent documentation? I just saw that link in a comment from Gerry Haskins on his blog entry you mentioned: http://blogs.sun.com/security/entry/cpu_july_2010 Mapping between CVE numbers and Solaris patches for CPU July 2010 So Oracle seems to have listened .. Martin.
Re: [pca] 124867-15 fails dependency check
Hi David, It looks as though the latest revision of this patch has an error in the dependency checking: Can you show the complete pca command (and possible ignore settings in pca configuration files) you used which caused the error? Comparing it with the rev-14 patch highlights the probable error: mpx# diff 124867-14/SPROcc/pkginfo 124867-15/SPROcc/pkginfo 17d16 SUNW_REQUIRES=124861-07 126495-03 That's fine, actually. The patchdiag.xref file lists the same dependencies for 124867-15: 124867|15|Aug/04/10| | | | |Unbundled|sparc;124861-07;126495-03;|... So pca should have tried to install 124861 first, if it's missing from your system. It definitely sees the dependency: $ pca -H -l 124867 124861 -- 19 --- 130 Sun Studio 12: Compiler Common patch ... 126495 -- 04 --- 361 Sun Studio 12: Patch for debuginfo handling 124867 -- 15 --- 2 Sun Studio 12: Patch for C 5.9 compiler Also, I attempted to use the 'ignore=124867-15' syntax to skip over applying this patch, but it didn't attempt to install the 124867-14 patch, as I would have hoped. What would be the required syntax for supporting such an operation? I know what you're after, but unfortunately it doesn't work like that. As the xref file contains no information about old patch revisions, it doesn't know what patch preceded 124867-15. It could be 124867-14, but also e.g. 124867-13 (revisions are skipped sometimes) or a completely different patch ID (sometimes a revision which is not 01 is the first one of a patch to be published). Martin.
Re: [pca] 124867-15 fails dependency check
Martin, Hi David, It looks as though the latest revision of this patch has an error in the dependency checking: Can you show the complete pca command (and possible ignore settings in pca configuration files) you used which caused the error? Sure (once I unwind my shell-code). bin/pca --install missing --xrefdir=patchdiag.xref.d/latest --nocheckxref \ --patchurl=file:/export/patches/Solaris/allpatches --root=/.alt.OS-Aug-04-10 \ --syslog=user --cffile=etc/pca_ignore.conf With 'etc/pca_ignore.conf' consisting of: ignore=137294 Comparing it with the rev-14 patch highlights the probable error: mpx# diff 124867-14/SPROcc/pkginfo 124867-15/SPROcc/pkginfo 17d16 SUNW_REQUIRES=124861-07 126495-03 That's fine, actually. The patchdiag.xref file lists the same dependencies for 124867-15: 124867|15|Aug/04/10| | | | |Unbundled|sparc;124861-07;126495-03;|... Ah, my apologies here, my diff-explanation wasn't very clear. It appears that an entry in the pkginfo has changed between 124867-14 and -15: 124867-14: SUNW_REQUIRES=124861-07 126495-03 124867-15: SUNW_REQUIRES='124861-07 126495-03' which does seem to match up with the error message. 0 For patch 124867-15, required patch '124861-07 does not exist. So pca should have tried to install 124861 first, if it's missing from your system. It definitely sees the dependency: $ pca -H -l 124867 124861 -- 19 --- 130 Sun Studio 12: Compiler Common patch ... 126495 -- 04 --- 361 Sun Studio 12: Patch for debuginfo handling 124867 -- 15 --- 2 Sun Studio 12: Patch for C 5.9 compiler As a side-note, the actual dependency was already on the system: hebe showrev -p | grep '^Patch: 124861' Patch: 124861-02 Obsoletes: Requires: Incompatibles: Packages: SPROlang, SPROlangx Patch: 124861-15 Obsoletes: Requires: Incompatibles: Packages: SPROlang, SPROsunms, SPROmrcom, SPROlangx Also, I attempted to use the 'ignore=124867-15' syntax to skip over applying this patch, but it didn't attempt to install the 124867-14 patch, as I would have hoped. What would be the required syntax for supporting such an operation? I know what you're after, but unfortunately it doesn't work like that. As the xref file contains no information about old patch revisions, it doesn't know what patch preceded 124867-15. It could be 124867-14, but also e.g. 124867-13 (revisions are skipped sometimes) or a completely different patch ID (sometimes a revision which is not 01 is the first one of a patch to be published). Martin. Yeah, after digging around in the patchdiag.xref a bit more, I realised that that 'previous patch' information wasn't there. David. __ David Gameau ISTS - Systems Infrastructure University of South Australia email: david.gam...@unisa.edu.au phone: +61 8 8302 3533 fax: +61 8 8302 5800
Re: [pca] 124867-15 fails dependency check
David Gameau wrote: Ah, my apologies here, my diff-explanation wasn't very clear. It appears that an entry in the pkginfo has changed between 124867-14 and -15: 124867-14: SUNW_REQUIRES=124861-07 126495-03 124867-15: SUNW_REQUIRES='124861-07 126495-03' which does seem to match up with the error message. 0 For patch 124867-15, required patch '124861-07 does not exist. Ah, now I see that the problem is. I hadn't looked close enough on your original message. As it's impossible for anybody to install this patch, I'm sure Oracle will fix that without any further on your side. Removing the wrong quotation characters and repackaging the patch shouldn't be a big problem. I'll send a direct Cc: to Don O'Malley anyway. Martin.
Re: [pca] 124867-15 fails dependency check
Looking in to this now... Best, -Don Martin Paul wrote: David Gameau wrote: Ah, my apologies here, my diff-explanation wasn't very clear. It appears that an entry in the pkginfo has changed between 124867-14 and -15: 124867-14: SUNW_REQUIRES=124861-07 126495-03 124867-15: SUNW_REQUIRES='124861-07 126495-03' which does seem to match up with the error message. 0 For patch 124867-15, required patch '124861-07 does not exist. Ah, now I see that the problem is. I hadn't looked close enough on your original message. As it's impossible for anybody to install this patch, I'm sure Oracle will fix that without any further on your side. Removing the wrong quotation characters and repackaging the patch shouldn't be a big problem. I'll send a direct Cc: to Don O'Malley anyway. Martin.
Re: [pca] 124867-15 fails dependency check
Hi David/Martin, I've just reproduced and logged a bug for this. It looks like a clear case for patch withdrawal. I will get these patches off SunSolve asap. Thanks for bringing this to my attention and apologies for the inconvenience. Best, -Don Don O'Malley wrote: Looking in to this now... Best, -Don Martin Paul wrote: David Gameau wrote: Ah, my apologies here, my diff-explanation wasn't very clear. It appears that an entry in the pkginfo has changed between 124867-14 and -15: 124867-14: SUNW_REQUIRES=124861-07 126495-03 124867-15: SUNW_REQUIRES='124861-07 126495-03' which does seem to match up with the error message. 0 For patch 124867-15, required patch '124861-07 does not exist. Ah, now I see that the problem is. I hadn't looked close enough on your original message. As it's impossible for anybody to install this patch, I'm sure Oracle will fix that without any further on your side. Removing the wrong quotation characters and repackaging the patch shouldn't be a big problem. I'll send a direct Cc: to Don O'Malley anyway. Martin.
