From owner-freebsd-binup Thu Dec 26 16:19:38 2002
Message-Id: <5.0.2.1.1.20021227001044.01c0fa40@popserver.sfu.ca>
Date: Fri, 27 Dec 2002 00:19:32 +0000
To: Adrian Filipi-Martin
From: Colin Percival
Subject: Re: Binary security updates
Cc: freebsd-binup@FreeBSD.ORG,
In-Reply-To: <20021226190441.D68788-100000@lorax.ubergeeks.com>
References: <5.0.2.1.1.20021225125238.037cd840@popserver.sfu.ca>

At 19:08 26/12/2002 -0500, Adrian Filipi-Martin wrote:
>On Wed, 25 Dec 2002, Colin Percival wrote:
> > I've put together a basic binary updates tool aimed at people who want
> > to track a security branch without keeping a source tree and
> > recompiling. I have tested this code to the best of my ability -- but
> > since I only have one FreeBSD box (and it's on the other side of the
> > world), that ability is rather limited.
>
> How do you deal with .a-files? They may be identical excepting for
>their table of contents and md5's don't look into the archive.

Assuming that the component object files are the same, .a files will be
identical apart from the timestamps. There happens to be a timestamp for
each object file, which (especially for libc) means an awful lot of
timestamps; but my code happily finds all of them the same way as it deals
with other timestamps. Files which do not contain any stamps are compared
on the basis of their MD5 hashes; "polymorphic" files (those which contain
stamps) are unstamped and then compared.

> Also did you run into anything with respect to other
>archive/library file types?

Gzipped files need to be ungzipped before looking for / removing stamps,
but those are the only files in the FreeBSD world which I needed to deal
with specially; I can't say if other worlds would be so easily dealt with.
I've been contacted by someone who is testing my code on OpenBSD and
MicroBSD, but I haven't heard any results.

Colin Percival
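
An added example, not part of the original message and not Colin Percival's code: comparing two `.a` archives by MD5 after blanking the per-member timestamp in each ar header, ungzipping first as the reply describes. Parsing the ar header directly is a swapped-in technique (the message says the tool finds these stamps the same way as any other timestamp); `unstamp_ar`, `fingerprint` and `make_ar` are hypothetical names, and the sample archives are constructed.

```python
import gzip
import hashlib

AR_MAGIC = b"!<arch>\n"
HDR_LEN = 60  # name[16] mtime[12] uid[6] gid[6] mode[8] size[10] magic[2]

def unstamp_ar(data: bytes) -> bytes:
    """Return the archive with every member header's mtime field zeroed."""
    if not data.startswith(AR_MAGIC):
        return data  # not an ar archive: no ar stamps to remove
    out = bytearray(data)
    pos = len(AR_MAGIC)
    while pos + HDR_LEN <= len(out):
        hdr = bytes(out[pos:pos + HDR_LEN])
        if hdr[58:60] != b"`\n":
            raise ValueError(f"bad ar member header at offset {pos}")
        out[pos + 16:pos + 28] = b"0".ljust(12)  # blank the timestamp
        size = int(hdr[48:58].decode("ascii").strip())
        pos += HDR_LEN + size + (size & 1)  # member data is padded to even length
    return bytes(out)

def fingerprint(data: bytes) -> str:
    """MD5 (the hash named in the message) of the unstamped content."""
    if data[:2] == b"\x1f\x8b":  # gzip magic: ungzip before looking for stamps
        data = gzip.decompress(data)
    return hashlib.md5(unstamp_ar(data)).hexdigest()

def make_ar(members, mtime: int) -> bytes:
    """Constructed sample input: a minimal ar archive, one mtime for all members."""
    blob = bytearray(AR_MAGIC)
    for name, body in members:
        hdr = f"{name + '/':<16}{mtime:<12}{0:<6}{0:<6}{'100644':<8}{len(body):<10}`\n"
        blob += hdr.encode("ascii") + body + (b"\n" if len(body) % 2 else b"")
    return bytes(blob)

if __name__ == "__main__":
    objs = [("a.o", b"code1"), ("b.o", b"code22")]
    old, new = make_ar(objs, 1040000000), make_ar(objs, 1040900000)
    print("raw MD5 equal:      ", hashlib.md5(old).digest() == hashlib.md5(new).digest())
    print("unstamped MD5 equal:", fingerprint(old) == fingerprint(new))
```

Two builds of the same objects hash differently as raw files and identically once unstamped; a change in any member's contents still changes the fingerprint.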