From owner-freebsd-questions@FreeBSD.ORG Sat Jun 25 04:35:06 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E1F4316A41F for ; Sat, 25 Jun 2005 04:35:06 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd4mo2so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id A68F643D49 for ; Sat, 25 Jun 2005 04:35:06 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd3mr7so.prod.shaw.ca (pd3mr7so-qfe3.prod.shaw.ca [10.0.141.23]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IIM00HJJI2HGQHF@l-daemon> for freebsd-questions@freebsd.org; Fri, 24 Jun 2005 22:35:05 -0600 (MDT) Received: from pn2ml9so.prod.shaw.ca ([10.0.121.7]) by pd3mr7so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IIM00FQ4I2HKH80@pd3mr7so.prod.shaw.ca> for freebsd-questions@freebsd.org; Fri, 24 Jun 2005 22:35:05 -0600 (MDT) Received: from [192.168.0.60] (S0106006067227a4a.vc.shawcable.net [24.87.209.6]) by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.18 (built Jul 28 2003)) with ESMTP id <0IIM00H2DI2GAJ@l-daemon> for freebsd-questions@freebsd.org; Fri, 24 Jun 2005 22:35:05 -0600 (MDT) Date: Fri, 24 Jun 2005 21:34:36 -0700 From: Colin Percival To: Denny White Message-id: <42BCDEDC.8080303@freebsd.org> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Accept-Language: en-us, en X-Enigmail-Version: 0.91.0.0 User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050406) Cc: freebsd-questions@freebsd.org Subject: re: freebsd-update fetch question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Jun 2005 04:35:07 -0000 I'm copy-and-pasting from the archives, since I'm not subscribed to the freebsd-questions list; please CC me on replies. Denny White writes: > [...] > The following files are affected by security > fixes, but have not been updated because they > have been modified locally: To translate: "I looked at the files you have on disk, and I don't recognize them -- they're not the files which shipped on the RELEASE CD-ROMs, nor are they files which I provided to you. They might be up to date, or they might not -- or you might have decided to replace them with a program which calculates Pi. You'll have to decide what you want to do with them yourself." > [...] > FreeBSD dualman.cableone.net 5.4-RELEASE-p2 FreeBSD > [...] > > So, I guess my question is, am I okay at this > point, i.e., does freebsd-update's output mean > they've already been fixed locally, or do I need > to specify a branch and force an update on the > files. If in doubt, read the advisory. FreeBSD security advisories FreeBSD-SA-05:10.tcpdump and FreeBSD-SA-05:11.gzip say that the issues were corrected in 5.4-RELEASE-p2, so if you did a buildworld and installworld at the same time as you last updated your kernel (note that the output of uname just tells you what version the kernel is, and doesn't say anything about the world), then you're safe. Of course, assuming that you haven't deliberately changed those programs, it wouldn't hurt to run # freebsd-update --branch crypto fetch # freebsd-update install since that will just return those programs to their "canonical" form. (In FreeBSD 5.3 and 5.4, there is only the "crypto" branch -- the releases no longer ship with non-cryptographic binaries.) Colin Percival