From owner-freebsd-binup Wed Jan 23 10:30:23 2002
From: Beth Reid
To: "'freebsd-binup@freebsd.org'"
Subject: FW: FreeBSD nonkernel patches/packages
Date: Wed, 23 Jan 2002 13:26:47 -0500

-----Original Message-----
From: Jacques A. Vidrine [mailto:n@nectar.cc]
Sent: Wednesday, January 23, 2002 1:17 PM
To: Beth Reid
Cc: 'security-officer@FreeBSD.org'
Subject: Re: FreeBSD nonkernel patches/packages


Hello Beth,

Many of the questions you ask here will probably be better answered in
another forum such as freebsd-hackers@freebsd.org.  You are seeking
understanding of the FreeBSD build process, and of the package
creation process, and these are not specific to security.

On Wed, Jan 23, 2002 at 01:02:34PM -0500, Beth Reid wrote:
> Hi
>
> I have a few questions regarding non-kernel FreeBSD patch distribution.  Any
> information is really appreciated.  If all of this is documented somewhere,
> I would be happy to do the research if someone could point me to the
> document.
>
> 1 ) If I produced a product based on FreeBSD 4.3, how would my customers get
> the patches?
>
> I can see there was a binary distribution of the patches using pkg_add.
> This seems to work very nicely in distributing patches to customers.
> However, this process seemed to change with the openssh patch 01:63.  The
> binary distribution was for FreeBSD 4.4 only.  How does one ship a binary
> installation of that patch to their customers who are running 4.3?  (Same
> goes for patches 02:01 and 02:02.)  The customer's system does not have
> source. :-/

As noted in the advisory, the binary patches are an experimental
delivery mechanism.  You could certainly duplicate this experiment
yourself.
 
> 2)  Do you provide a mechanism where I can create my own binary
> installations using pkg_add?
>
> It seems I can use pkg_create.  That seems to work fine, but can I get more
> information on the packinglist file and what items to ship with each
> distribution? 
>
> I can create a very simple packinglist such as this for the 02:02 pw patch.
[snip]
> Or the following for the 01:63 sshd patch:
[snip]

Yes, that is essentially how it is done.

> However, when I looked at the binary distribution for the sshd patch that is
> available for FreeBSD 4.4, it included several shippables (such as scp,
> ssh-add, ssh-agent, ssh-keygen, sftp.... and all of the man pages).  This
> didn't seem necessary since the only file that was changed was session.c.
> Was this done simply to reship the entire ssh product or did this package
> just include everything that the make install would have rebuilt?

The last released sshd patch included only `sshd', not the items you
note above.  Probably you are thinking about the OpenSSH /ports/.  We
do not provide binary patches for ports.  Rather, users are instructed
to update to new packages, and these packages are indeed complete.
 
> 3) What about patches that patch libraries which impact several executables?
>
>
> If there is a patch that patches a library (similar to the old 01:40 patch),
> how do you know which commands it would impact and which to include in
> the binary package? 

It depends.  If one patches libc, one would have to also patch all
statically linked executables for example.   Library dependencies are
documented primarily in the Makefiles for FreeBSD.

> Would it be documented in the README?

What README?
 
> I suppose the long and short of it is, if I am creating my own binary
> installations, how can I be sure what to include in the tarballs.  Do I have
> to rely on combining information from the Readme, .patch file, and Makefile
> as a guide?

Yes.  In our advisories for the base system, we now try to include all
the revisions and source files [1].  You will have to derive what
binaries are affected from that.

Cheers,
--
Jacques A. Vidrine <n@nectar.cc>                 http://www.nectar.cc/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se

[1] In the `Correction details' section.
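
The reply's point about statically linked executables can be checked mechanically. The following is an added example, not code from this thread or from the FreeBSD project: it reads ELF program headers to pick out the statically linked executables in a staging tree, which are the ones a library fix reaches only after a relink. The sample images and paths are constructed for illustration; which libraries each static binary actually links still has to come from the Makefiles, as the reply says.

```python
import struct

PT_LOAD, PT_INTERP = 1, 3  # ELF program header (segment) types

def elf_link_type(data: bytes) -> str:
    """Classify an executable image as 'static', 'dynamic' or 'not-elf'.

    A dynamically linked executable carries a PT_INTERP segment naming the
    run-time linker; a statically linked one has none, so a fix to a library
    only reaches it when the program is relinked and shipped again.
    """
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return "not-elf"
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little-endian
    if is64 and len(data) < 64:
        return "not-elf"
    phoff_fmt, phoff_at, sizes_at = ("Q", 32, 54) if is64 else ("I", 28, 42)
    (e_phoff,) = struct.unpack_from(end + phoff_fmt, data, phoff_at)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, sizes_at)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):              # truncated header table
            break
        (p_type,) = struct.unpack_from(end + "I", data, off)
        if p_type == PT_INTERP:
            return "dynamic"
    return "static"

def reship_candidates(images: dict) -> list:
    """Paths whose images are statically linked, in sorted order."""
    return sorted(p for p, img in images.items() if elf_link_type(img) == "static")

def fake_elf32(p_types) -> bytes:
    """Constructed sample: minimal little-endian ELF32 image with these segments."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32,
                      len(p_types), 0, 0, 0)
    return ident + hdr + b"".join(struct.pack("<8I", t, *[0] * 7) for t in p_types)

# Constructed staging tree; the paths are illustrative, not taken from an advisory.
SAMPLE = {
    "/stage/bin/tool-static": fake_elf32([PT_LOAD]),
    "/stage/usr/sbin/tool-dynamic": fake_elf32([PT_INTERP, PT_LOAD, 2]),
    "/stage/etc/script": b"#!/bin/sh\n",
}

if __name__ == "__main__":
    for path in reship_candidates(SAMPLE):
        print("relink and include:", path)
```

The function is meant for executables only: a shared library also lacks PT_INTERP and would be reported as static.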

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-binup" in the body of the message

From owner-freebsd-binup Thu Jan 24 11: 5:16 2002
From: "Rodson Universal"
Subject: Port and Stevedoring Equipment For Sale and Wanted
Date: Thu, 24 Jan 2002 20:35:18 +0200

Attn: Stevedoring, crane and engineering dept.

We buy and sell crawler and telescopic cranes 50-1000 tons
Stevedoring equipment
Port cranes equipment, Shipyard equipment
Container cranes and equipment
Floating grab cranes, heavy lift cranes, dry docks and barges

PLEASE CHECK OUR WEBSITE www.rodson.com

We are always looking to buy port cranes and ship unloading systems,
bagging plants, pneumatic grain unloaders, dry cargo unloaders, screw
type unloaders, dry cargo unloading systems, dry powdered cement
unloaders, rail mounted and rubber tyred ship-to-shore cranes,
container cranes, grab cranes, coal discharging systems, Port pedestal
whirley cranes, container-handling forklifts and reachstackers,
terminal tractors and trailers, electro-hydraulic grabs 10-14 cu meter

Please keep us informed of any equipment you have for sale and let us
know your port equipment and stevedoring requirements

thanks and regards
connie sullivan

Please reply to: sales@rodson.com

RODSON UNIVERSAL INC
www.rodson.com
Tel +44 1444 412728
Fax +44 1444 415929

If you feel that you have received this e-mail in error or wish to
unsubscribe to future mailings, please reply to this e-mail with
"remove" in the subject header.