Date: Fri, 27 Dec 2002 00:19:32 +0000 From: Colin Percival <colin.percival@wadham.ox.ac.uk> To: Adrian Filipi-Martin <adrian+freebsd-binup@ubergeeks.com> Cc: freebsd-binup@FreeBSD.ORG, <freebsd-stable@FreeBSD.ORG> Subject: Re: Binary security updates Message-ID: <5.0.2.1.1.20021227001044.01c0fa40@popserver.sfu.ca> In-Reply-To: <20021226190441.D68788-100000@lorax.ubergeeks.com> References: <5.0.2.1.1.20021225125238.037cd840@popserver.sfu.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
At 19:08 26/12/2002 -0500, Adrian Filipi-Martin wrote: >On Wed, 25 Dec 2002, Colin Percival wrote: > > I've put together a basic binary updates tool aimed at people who want > > to track a security branch without keeping a source tree and > > recompiling. I have tested this code to the best of my ability -- but > > since I only have one FreeBSD box (and it's on the other side of the > > world), that ability is rather limited. > > How do you deal with .a-files? They may be identical excepting for >their table of contents and md5's don't look into the archive. Assuming that the component object files are the same, .a files will be identical apart from the timestamps. There happens to be a timestamp for each object file, which (especially for libc) means an awful lot of timestamps; but my code happily finds all of them the same way as it deal with other timestamps. Files which do not contain any stamps are compared on the basis of their MD5 hashes; "polymorphic" files (those which contain stamps) are unstamped and then compared. > Also did you run into anything with respect to other >archive/library file types? Gzipped files need to be ungzipped before looking for / removing stamps, but those are the only files in the FreeBSD world which I needed to deal with specially; I can't say if other worlds would be so easily dealt with. I've been contacted by someone who is testing my code on OpenBSD and MicroBSD, but I haven't heard any results. Colin Percival To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.0.2.1.1.20021227001044.01c0fa40>