patches
 

Hello Forum:

On CentOS 5.x/Red Hat 5.x, I would like to know how you would install (security) patches? Also, when people talk about patches, do they mean security patches or are there any other type of patches?

Thanks.

Patches are incorporated into updates, which you can get using the GUI using System Update under System > Admin > or by running yum update from a terminal (as root).

A patch is just a piece of code that works differently than the existing installed code. It could be for security reasons or another improvement. When you use yum (through the GUI or from a command line) it updates the specific software with the new code in the update package.

I understand a "patch" to be a diff file, i.e. a file created with the diff (or similar) program that describes the differences between the old and new file, i.e. what to remove and what to add in order to turn the old file into the new, "patched" file. The patch file is applied with the patch program (or similar), after which the old file has become the new, "patched" file.

In a broader sense a "patch" might mean any kind of modification to the system, usually software, that somehow makes it different, usually "better".

On RPM system, patch in form of diff files is applied against the source code during compilation of rpm. All a user needs to do is to regulary updates his system. I do not advise ANY patching on your own. It is better to ask maintainers of particular package (or Red Hat support or via bugzilla) then to mess with it on your own.

What would you guys say about patching using yum as follows:

Install the plugin:
yum install yum-security

Check available security updates:
yum list-security

List all updates that are security related:
yum --security check-update

Install all the security updates:
yum update --security

There are no large numbers of security updates on RHEL/CentOS. Only 1-2 in 3-4 months period on average. This is because it is with frozen major version numbers for several years.

But yes, if you want to avoid general update, that is a way to go. I prefer to update every package as updated version comes out since 99,99% are actual improvements and/or builtin patches to make your system more stable.

Uh, that doesn't sound right.

It is up to the admin to decide, but I understand that on systems like RHEL the way to go are the official updates through the update application. I brought the diff files up, because the OP asked a second question, which is quoted below.

Now that I read it again, the "other type of patches" was probably meant to mean "other type of patches as updates than security patches", but I guess it won't hurt to get a broader view also :)

Hm, yes, you are right. It might do withy the fact that I only update via console, that I am not using all of those programs, and that I always update all packages available.

More acurate is ~9 security patches a month. My bad.

You are correct b0uncer. I saw people talking about patching with diff or a similar program. My impression with diff is that it involves some programming to get the patched working. I have never used it, but that is what I think from what I have read.

I am also looking for a clarification when it comes to the word "patch" or "patches". What I mean is: are we talking about security or are we talking about having packages up-to-date or both?

To DrLove73: Do you do your patches via yum? What programs do you use for that matter? What programs any other one of you use for managing your patches?
Thanks.

when dealing with RHEL / CentOS
running "yum update" is just fine .
aprox 9 ?? i just had 15 recently in CentOS5.5
but then again i do not run cent everyday

as to a "patch" i see that as a source diff file
applied to the the "older" source to get it to match the CURRENT source code
see:
and i do not use them much , sometimes for fixing a gcc 4.1 to gcc 4.5 bug

BUT for a rpm based RHEL5 install USE YUM !!!!!