Date: Thu, 25 Sep 2014 16:51:03 -0400 From: Rick Miller <vmiller@hostileadmin.com> To: Guido Falsi <mad@madpilot.net> Cc: freebsd-ports <freebsd-ports@freebsd.org>, Bryan Drewery <bdrewery@freebsd.org> Subject: Re: Poudriere Build of pkg_* repos? Message-ID: <CAHzLAVHBRzKx7vEXuSpGAOZcNBM2tp6YUHibTvggQjM8wWkhoA@mail.gmail.com> In-Reply-To: <54246761.8060405@madpilot.net> References: <CAHzLAVGcGPQP3NvaSpe6%2BidLdEWM4hrQyPwP6YVPvOO-J823Fw@mail.gmail.com> <54233850.2070807@FreeBSD.org> <CAHzLAVFsmaD_wx%2B2%2B9oug3hCOYG_kxBAi--R9FmmBOPG2PcZ4A@mail.gmail.com> <54242A0E.6000507@madpilot.net> <CAHzLAVFWv9Zz7dk2uF=3y-qJBpdEbXgWD_YoJXD0zcd%2BbxHCsQ@mail.gmail.com> <54246761.8060405@madpilot.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Sep 25, 2014 at 3:05 PM, Guido Falsi <mad@madpilot.net> wrote: > On 09/25/14 20:57, Rick Miller wrote: > > On Thu, Sep 25, 2014 at 10:43 AM, Guido Falsi <mad@madpilot.net> wrote: > > [snip] > > > > =======================<phase: patch > >============================ > > ===> Patching for bash-4.3.24 > > ===> Applying distribution patches for bash-4.3.24 > > ===> Applying extra patch /distfiles/local-patches/8_4-amd64/bash.patch > > ===> Applying extra patch > > /usr/ports/shells/bash/files/extrapatch-colonbreakswords > > ===> Applying extra patch > > /usr/ports/shells/bash/files/extrapatch-implicitcd > > ===> Applying FreeBSD patches for bash-4.3.24 > > > =========================================================================== > > > > The first sign that something didn't appear to have gone as expected was > > that the package was built as bash-4.3.24.tbz as opposed to > > bash-4.3.25.tbz. The above test was executed observing the behavior of a > > still vulnerable binary. > > The way you are applying the patch simply modifies the code being > compiled by the port, you're not patching the port itself, so the port > maintains the same version number. > Makes sense > > The test was performed on an 8.4 host with a [unpatched] bash-4.3.24 > after > > forcefully removing the package and adding the new, patched package. It > > complained of dependencies on packages that were already installed, but > not > > up to the version of the dependency. After manually fixing these > > dependencies (forcefully deleting the existing dependencies and > installing > > the new ones), the test was executed once again to the same results. > > > > Could this be an issue of the order the patches were applied in or ?? > > You should check the build log and see if in the patching phase there > was any error. > The above log snippet is from the patch phase of the build indicating success (well, at least no error). A build with the wrong patch was attempted that did indicate errors, as expected. The full log can be viewed at http://pastebin.com/hwHwJAKK Is there some way in the log to identify if the source was patched and built correctly? Does Poudriere [ I say Poudriere realizing that it likely does not, but perhaps the system does? ] provide the ability to review the source code after patching to actually verify the patch was applied? A cursory search of the filesystem where Poudriere stores the jail turned up no leads. -- Take care Rick Miller
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHzLAVHBRzKx7vEXuSpGAOZcNBM2tp6YUHibTvggQjM8wWkhoA>