| View previous topic :: View next topic |
| Author |
Message |
huuan
Apprentice
Joined: 19 Feb 2007
Posts: 265
Location: California
|
 Posted: Tue Oct 02, 2007 5:04 pm Post subject: glsa-check stays vulnerable after installing fixes [SOLVED] |
 |
|
glsa-check -t all
was showing:
| Code: | # glsa-check -t all
This system is affected by the following GLSAs:
200709-18
200705-23
200702-07
200701-15
|
so I updated using
glsa-check -f for each and it emerged
dev-java/sun-jdk-1.5.0.12 (1.5.0.12)
for each of
200705-23
200702-07
200701-15
and
www-apps/bugzilla-2.22.3 for 200709-18
but re-running glsa-check -t all still shows:
| Code: | # glsa-check -t all
This system is affected by the following GLSAs:
200709-18
200705-23
200702-07
200701-15
|
Any ideas? Thanks.
Last edited by huuan on Fri Oct 12, 2007 12:30 pm; edited 3 times in total |
|
| Back to top |
|
 |
huuan
Apprentice
Joined: 19 Feb 2007
Posts: 265
Location: California
|
| Posted: Mon Oct 08, 2007 5:34 am Post subject: |
|
|
well after my weekly emerge --sync it went back to not showing any vulnerabilities from those.
No idea why it did what it did but now it's back to normal so I'll mark it solved [edit] it came back so I'm removing the solved again |
|
| Back to top |
|
|
huuan
Apprentice
Joined: 19 Feb 2007
Posts: 265
Location: California
|
| Posted: Wed Oct 10, 2007 9:11 pm Post subject: |
|
|
Well it's back but with 1 less glsa, even after emerge --sync, all still referring to sun-jdk1.4.2*:
200705-23
200702-07
200701-15
here's what's on my system
| Code: | equery list |grep jdk
dev-java/sun-jdk-1.4.2.16
dev-java/sun-jdk-1.5.0.13
virtual/jdk-1.4.2 |
and here's what depends on 1.4.2*
| Code: | # equery depends =dev-java/sun-jdk-1.4.2.16
[ Searching for packages depending on =dev-java/sun-jdk-1.4.2.16... ]
virtual/jdk-1.4.2 (=dev-java/sun-jdk-1.4.2*)
# equery depends =virtual/jdk-1.4.2
[ Searching for packages depending on =virtual/jdk-1.4.2... ]
dev-lang/php-4.4.8_pre20070816 (java-internal? >=virtual/jdk-1.4.2)
sys-libs/db-4.5.20_p2 (java? >=virtual/jdk-1.4) |
I have no clue why php wants jdk as the USE flag -java is set when compiling plus a jdk >1.4 is installed
same goes for sys-libs/db
I've tried unemerging jdk-1.4.2.16 but
emerge -uNDv always brings it back even when I set USE=-java in make.conf
I've checked for other java flags by doing
# emerge -etvp world | less
and searching through using /java but it only shows -java USE flags
I also set the VM to 1.5 in a couple of places
OK so, bottom-line, how do I fix this? |
|
| Back to top |
|
|
roderick
l33t
Joined: 11 Jul 2005
Posts: 908
Location: St. John's, NL CANADA
|
| Posted: Thu Oct 11, 2007 2:22 pm Post subject: |
|
|
Use blackdown jdk instead of sun's to satisfy the virtual/jdk requirement for 1.4.2.
So, emerge -C the sun jdk for 1.4.2 and emerge -av the blackdown one (I use 1.4.2.03-r16 with no issues).
The virtual/jdk is a placeholder dep check ebuild that can be statisfied by different possible jdk's, like both sun and blackdown. The ebuild just checks to verify if either is available/installed in order to satisfy the deps.
_________________
If God were a pickle, I'd still say "no pickle on my burger".
http://roderick-greening.blogspot.com/ |
|
| Back to top |
|
|
huuan
Apprentice
Joined: 19 Feb 2007
Posts: 265
Location: California
|
| Posted: Fri Oct 12, 2007 3:07 am Post subject: |
|
|
| roderick wrote: | | Use blackdown jdk instead of sun's to satisfy the virtual/jdk requirement for 1.4.2. |
Thanks
well I tried that but after the blackdown emerge it wants, when I run revdep-rebuild, to do this:
| Code: | Checking dynamic linking consistency...
broken /opt/blackdown-jdk-1.4.2.03/jre/lib/i386/awt_robot (requires libICE.so.6 libSM.so.6 libX11.so.6 libXext.so.6 libXi.so.6 libXt.so.6 libXtst.so.6)
broken /opt/blackdown-jdk-1.4.2.03/jre/lib/i386/libXm.so.3 (requires libICE.so.6 libSM.so.6 libX11.so.6 libXext.so.6 libXp.so.6 libXt.so.6)
broken /opt/blackdown-jdk-1.4.2.03/jre/lib/i386/libawt.so (requires libICE.so.6 libSM.so.6 libX11.so.6 libXext.so.6 libXp.so.6 libXt.so.6 libXtst.so.6)
broken /opt/blackdown-jdk-1.4.2.03/jre/lib/i386/libjavaplugin_jni.so (requires libX11.so.6 libXt.so.6)
broken /opt/blackdown-jdk-1.4.2.03/jre/lib/i386/libjsoundalsa.so (requires libasound.so.2)
|
Since I'm running a web server with no x11 so I'm not so keen on letting that happen., but thanks for the offer.
What I really need is to find out what it is inside sys-libs/db-4.5.20_p2 causing the java dep...
but then I guess I'm focusing on the wrong thing since both jdk's seem to want x11 , I guess I should focus one getting rid of the GLSA issues. I'll try over tomorrow. Thanks. |
|
| Back to top |
|
|
huuan
Apprentice
Joined: 19 Feb 2007
Posts: 265
Location: California
|
| Posted: Fri Oct 12, 2007 12:30 pm Post subject: |
|
|
OK it is all fixed as regards GLSA vulnerabilities for jdk so I'll mark this thread as solved
I did as Roderick suggested
| Quote: | | Use blackdown jdk instead of sun's to satisfy the virtual/jdk requirement for 1.4.2. |
which satisfied al the jdk related GLSA reports
and then to keep revdep from getting all that extra x11 stuff did:
| Quote: | | SEARCH_DIRS_MASK="/opt/blackdown-jdk-1.4.2.03" revdep-rebuild -i -va |
and apart from php4 issues it's all fixed: thanks to Roderick  |
|
| Back to top |
|
|
|
Networking & Security
