[ARMedslack] Package auto? downgrade

Davide louigi600 at yahoo.it
Sun Aug 4 12:51:35 UTC 2013



>>>>> I have release 13.37 according to /etc/slackware-version.
>>>>> I have recently discovered that my mutt package has been downgraded,
>>>>> and I don't understand how/why.
>>
>>>> mutt in 13.37 was last touched in 2010.
>>>> However, armedslack-13.1 has
>>>>  armedslack-13.1/slackware/n/mutt-1.4.2.3-arm-1
>>>> Where is slackpkg configured to download from?
>>>> I suspect that you're somehow downloading from the wrong tree, or
>>>> the mirror you're using has mixed up content.
>>
>>>The only uncommented line in mirrors is:
>>>ftp://mirror.inode.at/slackwarearm/armedslack-13.1/
>>>so indeed it looks inconsistent....
>>>I certainly didn't intentionally change anything to my mutt install,
>>>so what might have caused it to be downgraded?
>>
>> As far as I know slackpkg should not automatically do any sort of automatic
>> package dependencies (unless you use a modified version that also requires
>> using a repo with managed deps) or other automatic actions that are not
>> specifically passed via command line (like upgrade or reinstall).
>> Are you sure you did not accidentally reinstall a package series and
>> accidentally checked mutt for reinstall ?
>
>No I am not sure :-)
>I remember at some point I tried to upgrade to 13.37, but changed my mind.
>So maybe a few packages got upgraded, including mutt, and later reverted...
>
>I don't use slackpkg often :-)
>So I don't master it and I am a bit scared of losing my data when
>trying to upgrade cleanly....

Once you start to upgrade your system, however it's being done, you
should go all the way; failing to do so can leave you with a mess in the
libraries that can be challenging to fix. A backup before starting is
the correct way to revert if you change your mind.

>
>> Is your system exposed to internet for long periods ?
>yes.
>
>> If I were you I'd check the package content to match perfectly (ie some hash
>> check not just size) with what should be distributed with the package; having
>> an unjustified package version on your system could mean your system has
>> been hacked. If your system has been hacked you might have other compromised
>> bins so you should do your checks from a known good rescue system (ie your
>> hash binary might have been hacked to report good hashes for the other bins
>> that have been compromised).
>>
>That's a possibility indeed, but I am more inclined to thinking that I
>did something wrong several months ago and have now forgotten :-(

Just wanted to warn you just in case; sometimes people tend to underestimate the possibility of their system being hacked.
I've won bets with people that consider a security breach as a very remote possibility.

>
>Is there a way I can just install the new mutt without upgrading the
>whole system?
slackpkg remove mutt
slackpkg install mutt

or alternatively :
removepkg mutt-.....
download the desired package and then
installpkg mutt-......

As Stuart said this will work only if no library deps get broken, but if that is your case a reinstall will be much easier.

>
>Thanks,
You're welcome
David
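
The hash check suggested above, as an added example that is not part of the original message: it compares every file from a trusted, separately obtained copy of the package against the suspect root filesystem, run from a rescue system. The function name `verify_pkg_files`, its two directory arguments and the sample trees are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a suspect system's files with a trusted copy of the
# package. Boot a rescue system first, so sha256sum does not come from the
# disk being checked.
#   $1 = directory where a trusted copy of the package was unpacked
#   $2 = mount point of the suspect root filesystem
# Both paths are placeholders chosen by the operator (assumption).
verify_pkg_files() {
    ref=$1; root=$2
    # install/ holds package metadata (slack-desc, doinst.sh), so it is skipped.
    report=$(
        ( cd "$ref" && find . -path ./install -prune -o -type f -print ) |
        LC_ALL=C sort |
        while IFS= read -r f; do
            f=${f#./}
            if [ ! -f "$root/$f" ]; then
                # Can be expected for *.new config files handled by doinst.sh.
                echo "MISSING  $f"
            else
                want=$(sha256sum < "$ref/$f" | cut -d' ' -f1)
                have=$(sha256sum < "$root/$f" | cut -d' ' -f1)
                [ "$want" = "$have" ] || echo "MODIFIED $f"
            fi
        done
    )
    if [ -z "$report" ]; then return 0; fi
    printf '%s\n' "$report"
    return 1
}

# Constructed sample trees (not real package contents) so this runs offline.
demo=$(mktemp -d)
mkdir -p "$demo/ref/usr/bin" "$demo/ref/usr/doc" "$demo/ref/install" \
         "$demo/root/usr/bin"
printf 'official build\n' > "$demo/ref/usr/bin/mutt"
printf 'readme\n'         > "$demo/ref/usr/doc/README"
printf 'metadata\n'       > "$demo/ref/install/slack-desc"
printf 'tampered build\n' > "$demo/root/usr/bin/mutt"
verify_pkg_files "$demo/ref" "$demo/root" || echo "differences found"
```

A non-zero return with `MODIFIED` lines for binaries is the case that warrants treating the system as compromised; `MISSING` lines need a look at the package's `doinst.sh` before drawing conclusions.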