Date: Sun, 25 Jan 2004 12:20:01 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Chad M Stewart <cms@balius.com> Cc: freebsd-stable@freebsd.org Subject: Re: updates and version numbers Message-ID: <20040125122001.GD5755@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <EADA32F8-4F1E-11D8-B3D3-000A959CF11A@balius.com> References: <EADA32F8-4F1E-11D8-B3D3-000A959CF11A@balius.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--osDK9TLjxFScVI/L
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, Jan 25, 2004 at 05:12:01AM -0500, Chad M Stewart wrote:
> Take sshd for example. I started with 4.9-stable and then updated the=20
> system using cvsup in what I believe is the correct manner. After all=
=20
> that I am left with
>=20
> sshd version OpenSSH_3.5p1 FreeBSD-20030924
> o - what is the base version of OpenSSH that 4.9-stable started with? =20
> Logic says that is 3.5p1, but I want to make sure I'm not missing some=20
> detail.
Well, 4.9-STABLE covers the state of the 4-STABLE development branch
since 4.9-RELEASE. But the release just marks a point-in-time of the
continuous evolution along the 4-STABLE branch. Sounds as if maybe
you meant to talk about the 4.9-RELEASE branch, which consists of
4.9-RELEASE + security patches.
It is quite possible that OpenSSH 3.7.x will be imported to 4-STABLE,
as it has already been imported into 5-CURRENT. It won't be imported
to 4.9-RELEASE or 5.2-RELEASE. If there are any security problems
discovered in OpenSSH, fixes will be applied to the ssh code in all
supported branches (4.8-RELEASE, 4.9-RELEASE, 5.1-RELEASE,
5.2-RELEASE, 4-STABLE), and generally such patches have also been
applied to all branches back to 4.3-RELEASE. 5-CURRENT will also be
fixed, but as it's not a supported branch, it doesn't get mentioned in
advisories. Such patches don't generally modify the version number
sshd reports, although for 5-CURRENT and 4-STABLE such patching may be
closely followed or replaced by importing the new version from
upstream.
4-STABLE currently uses OpenSSH 3.5p1 as it did at the time of
4.9-RELEASE. The last OpenSSH security advisory was
FreeBSD-SA-03:15.openssh released shortly before 4.9-RELEASE
=20
> o - What patches have been applied to the base software to integrate=20
> with FreeBSD and more specifically security related patches?
FreeBSD generally uses the OpenSSH 'portable' release with some quite
minor modifications -- see
http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/FREEBSD-upgrade
For details of additional patches, see the list of security advisories
at:
http://www.freebsd.org/security/
You should subscribe to freebsd-announce@freebsd.org and/or
freebsd-security@freebsd.org to receive notification of security
advisories.
=20
> Again I apologize if these are newbie questions that are answered=20
> somewhere in an FAQ. In which case feel free to send me a URL. I=20
> picked sshd as that is one service that I will be exposing and I want=20
> to make sure that I understand all of this and am not exposing a=20
> vulnerable version.
Very sensible.
Cheers,
Matthew=09
--=20
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
--osDK9TLjxFScVI/L
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFAE7RxdtESqEQa7a0RAliPAJ9z8WuQPi9P38lTebu4c65WfPUrgwCfdhBu
2w7xzjEoK0qyJX3MBMd6GwE=
=GVpZ
-----END PGP SIGNATURE-----
--osDK9TLjxFScVI/L--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040125122001.GD5755>