Date: Sat, 25 Jun 2005 00:51:24 -0500 (CDT) From: Denny White <dennyboy@cableone.net> To: Colin Percival <cperciva@freebsd.org> Cc: freebsd-questions@freebsd.org Subject: re: freebsd-update fetch question Message-ID: <20050625002959.H74347@dualman.cableone.net> In-Reply-To: <42BCDEDC.8080303@freebsd.org> References: <42BCDEDC.8080303@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 24 Jun 2005, Colin Percival wrote: > I'm copy-and-pasting from the archives, since I'm not subscribed to > the freebsd-questions list; please CC me on replies. > > Denny White writes: >> [...] >> The following files are affected by security >> fixes, but have not been updated because they >> have been modified locally: > > To translate: "I looked at the files you have on disk, and I don't > recognize them -- they're not the files which shipped on the RELEASE > CD-ROMs, nor are they files which I provided to you. They might be > up to date, or they might not -- or you might have decided to replace > them with a program which calculates Pi. You'll have to decide what > you want to do with them yourself." > >> [...] >> FreeBSD dualman.cableone.net 5.4-RELEASE-p2 FreeBSD >> [...] >> >> So, I guess my question is, am I okay at this >> point, i.e., does freebsd-update's output mean >> they've already been fixed locally, or do I need >> to specify a branch and force an update on the >> files. > > If in doubt, read the advisory. FreeBSD security advisories > FreeBSD-SA-05:10.tcpdump and FreeBSD-SA-05:11.gzip say that the issues > were corrected in 5.4-RELEASE-p2, so if you did a buildworld and > installworld at the same time as you last updated your kernel (note > that the output of uname just tells you what version the kernel is, and > doesn't say anything about the world), then you're safe. > > Of course, assuming that you haven't deliberately changed those programs, > it wouldn't hurt to run > # freebsd-update --branch crypto fetch > # freebsd-update install > since that will just return those programs to their "canonical" form. (In > FreeBSD 5.3 and 5.4, there is only the "crypto" branch -- the releases no > longer ship with non-cryptographic binaries.) > > Colin Percival > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > Seems like I always forget to read something. Should've read the security advisories very first thing. Just taking me a while to put all this together. Like being caught in one those jokes where, right when you're suckered into it, you ask the question that elicits the punchline. You don't tend to forget those. :) Backup to the basics. In fairness, I constantly am into several bsd books I've bought, handbook, web sites, google, this list, etc. But, I should've thought to read there, right on the first page of the web site. Cvsup RELENG_5_4, make buildworld, make buildkernel, make installkernel, reboot, all ok, drop to single user, make installworld, mergemaster & so on. All done the same time. So, should be good to go.Thanks for the help & the wakeup call, too. Denny White -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFCvPDpy0Ty5RZE55oRAnLhAJ4pYY4JfCQGjG8TZQZf9u6SHCkjMwCfSiGI s0/dVxUVAPkgPyww7WoAkOU= =Ng0S -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050625002959.H74347>