From owner-freebsd-security@freebsd.org Mon Aug 10 14:21:28 2020
From: Oleksandr Kryvulia
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-20:22.sqlite
Date: Mon, 10 Aug 2020 17:21:12 +0300
List-Id: "Security issues [members-only posting]"

05.08.20 20:54, FreeBSD Security Advisories wrote:
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> [FreeBSD 12.1]
> # fetch https://security.FreeBSD.org/patches/SA-20:21/sqlite.12.1.patch
> # fetch https://security.FreeBSD.org/patches/SA-20:21/sqlite.12.1.patch.asc
> # gpg --verify sqlite.12.1.patch.asc
>
> [FreeBSD 11.4]
> # fetch https://security.FreeBSD.org/patches/SA-20:21/sqlite.11.4.patch
> # fetch https://security.FreeBSD.org/patches/SA-20:21/sqlite.11.4.patch.asc
> # gpg --verify sqlite.11.4.patch.asc
>
> [FreeBSD 11.3]
> # fetch https://security.FreeBSD.org/patches/SA-20:21/sqlite.11.3.patch
> # fetch https://security.FreeBSD.org/patches/SA-20:21/sqlite.11.3.patch.asc
> # gpg --verify sqlite.11.3.patch.asc

Hi,
there is a typo in the links - please replace "SA-20:21" with "SA-20:22".

From owner-freebsd-security@freebsd.org Mon Aug 10 15:18:18 2020
From: Gordon Tetlow
To: Oleksandr Kryvulia
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-20:22.sqlite
Date: Mon, 10 Aug 2020 08:18:09 -0700

> On Aug 10, 2020, at 7:21 AM, Oleksandr Kryvulia wrote:
>
> Hi,
> there is a typo in the links - please replace "SA-20:21" with "SA-20:22".

Thanks for the report. I've already updated it on the website (https://www.freebsd.org/security/advisories/FreeBSD-SA-20:22.sqlite.asc) based on a previous report.

Gordon

From owner-freebsd-security@freebsd.org Tue Aug 11 07:21:44 2020
From: Oleksandr Kryvulia
To: freebsd-security@freebsd.org
Subject: A question about Security Advisories
Date: Tue, 11 Aug 2020 10:21:34 +0300

Hi,
In recent years, all Security Advisories regarding the base system, in the "update your vulnerable system via a source code patch" section, recommend rebuilding the whole world instead of the affected part of the base system. This is in most cases an overhead.

For example, the 9-year-old SA-11:04 [1] offers:

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/usr.bin/compress
# make obj && make depend && make && make install
# cd /usr/src/usr.bin/gzip
# make obj && make depend && make && make install

What is the reason we stopped doing this? I understand that the preferred way now is a binary upgrade.
Thank you.

[1] https://www.freebsd.org/security/advisories/FreeBSD-SA-11:04.compress.asc

From owner-freebsd-security@freebsd.org Tue Aug 11 07:36:40 2020
From: Eugene Grosbein
To: Oleksandr Kryvulia, freebsd-security@freebsd.org
Subject: Re: A question about Security Advisories
Date: Tue, 11 Aug 2020 14:36:14 +0700

11.08.2020 14:21, Oleksandr Kryvulia wrote:
> Hi,
> In recent years, all Security Advisories regarding the base system, in the "update your vulnerable system via a source code patch" section, recommend rebuilding the whole world instead of the affected part of the base system. This is in most cases an overhead.
>
> What is the reason we stopped doing this? I understand that the preferred way now is a binary upgrade.
> Thank you.

Also, binary upgrade is not an option for STABLE users.
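As an added example (not from the thread or from the FreeBSD project), a POSIX sh helper that derives the per-directory rebuild recipe of the SA-11:04 style quoted above from the "+++" file headers of an advisory patch, so an administrator can see which parts of /usr/src a patch actually touches before deciding between a partial and a full rebuild. The patch text is constructed, and the helper assumes paths in the patch are relative to /usr/src.

```shell
#!/bin/sh
# Added example, not from the thread or the FreeBSD project: derive the
# per-directory rebuild recipe (the SA-11:04 style quoted above) from the
# "+++" file headers of an advisory patch. Assumes the paths in the patch
# are relative to /usr/src.

# Constructed sample patch; file names and hunks are made up for illustration.
SAMPLE_PATCH='--- usr.bin/compress/zopen.c.orig
+++ usr.bin/compress/zopen.c
@@ -1 +1 @@
-old line
+new line
--- usr.bin/gzip/gzip.c.orig
+++ usr.bin/gzip/gzip.c
@@ -1 +1 @@
-old line
+new line
--- usr.bin/gzip/zuncompress.c.orig
+++ usr.bin/gzip/zuncompress.c
@@ -1 +1 @@
-old line
+new line
'

# patch_dirs: read a unified diff on stdin and print each touched source
# directory once, sorted. Git-style a/ b/ prefixes are stripped, deleted
# files (+++ /dev/null) are skipped, and a top-level file maps to ".".
patch_dirs() {
    awk '
        substr($0, 1, 4) == "+++ " {
            f = $2
            if (f == "/dev/null") next
            sub("^[ab]/", "", f)
            if (index(f, "/")) sub("/[^/]*$", "", f); else f = "."
            print f
        }' | sort -u
}

# rebuild_plan: turn the directory list into the command sequence the
# old advisories printed, one line per directory.
rebuild_plan() {
    patch_dirs | while IFS= read -r d; do
        printf 'cd /usr/src/%s && make obj && make depend && make && make install\n' "$d"
    done
}

printf '%s' "$SAMPLE_PATCH" | rebuild_plan
```

The plan covers only the directories the patch touches; a change under lib/ or sys/ also affects whatever is built against it, so such patches need more than this per-directory rebuild.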