From owner-freebsd-stable@FreeBSD.ORG Sun Jan 25 04:20:19 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 12D1916A4CF for ; Sun, 25 Jan 2004 04:20:18 -0800 (PST) Received: from smtp.infracaninophile.co.uk (happy-idiot-talk.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7D3B543D31 for ; Sun, 25 Jan 2004 04:20:12 -0800 (PST) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost.infracaninophile.co.uk [IPv6:::1])i0PCK1jc010357 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 25 Jan 2004 12:20:01 GMT (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost)id i0PCK1H3010356; Sun, 25 Jan 2004 12:20:01 GMT (envelope-from matthew) Date: Sun, 25 Jan 2004 12:20:01 +0000 From: Matthew Seaman To: Chad M Stewart Message-ID: <20040125122001.GD5755@happy-idiot-talk.infracaninophile.co.uk> Mail-Followup-To: Chad M Stewart , freebsd-stable@freebsd.org References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="osDK9TLjxFScVI/L" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.5.1i X-Spam-Status: No, hits=-4.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on happy-idiot-talk.infracaninophile.co.uk cc: freebsd-stable@freebsd.org Subject: Re: updates and version numbers X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Jan 2004 12:20:19 -0000 --osDK9TLjxFScVI/L Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jan 25, 2004 at 05:12:01AM -0500, Chad M Stewart wrote: > Take sshd for example. I started with 4.9-stable and then updated the=20 > system using cvsup in what I believe is the correct manner. After all= =20 > that I am left with >=20 > sshd version OpenSSH_3.5p1 FreeBSD-20030924 > o - what is the base version of OpenSSH that 4.9-stable started with? =20 > Logic says that is 3.5p1, but I want to make sure I'm not missing some=20 > detail. Well, 4.9-STABLE covers the state of the 4-STABLE development branch since 4.9-RELEASE. But the release just marks a point-in-time of the continuous evolution along the 4-STABLE branch. Sounds as if maybe you meant to talk about the 4.9-RELEASE branch, which consists of 4.9-RELEASE + security patches. It is quite possible that OpenSSH 3.7.x will be imported to 4-STABLE, as it has already been imported into 5-CURRENT. It won't be imported to 4.9-RELEASE or 5.2-RELEASE. If there are any security problems discovered in OpenSSH, fixes will be applied to the ssh code in all supported branches (4.8-RELEASE, 4.9-RELEASE, 5.1-RELEASE, 5.2-RELEASE, 4-STABLE), and generally such patches have also been applied to all branches back to 4.3-RELEASE. 5-CURRENT will also be fixed, but as it's not a supported branch, it doesn't get mentioned in advisories. Such patches don't generally modify the version number sshd reports, although for 5-CURRENT and 4-STABLE such patching may be closely followed or replaced by importing the new version from upstream. 4-STABLE currently uses OpenSSH 3.5p1 as it did at the time of 4.9-RELEASE. The last OpenSSH security advisory was FreeBSD-SA-03:15.openssh released shortly before 4.9-RELEASE =20 > o - What patches have been applied to the base software to integrate=20 > with FreeBSD and more specifically security related patches? FreeBSD generally uses the OpenSSH 'portable' release with some quite minor modifications -- see http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/FREEBSD-upgrade For details of additional patches, see the list of security advisories at: http://www.freebsd.org/security/ You should subscribe to freebsd-announce@freebsd.org and/or freebsd-security@freebsd.org to receive notification of security advisories. =20 > Again I apologize if these are newbie questions that are answered=20 > somewhere in an FAQ. In which case feel free to send me a URL. I=20 > picked sshd as that is one service that I will be exposing and I want=20 > to make sure that I understand all of this and am not exposing a=20 > vulnerable version. Very sensible. Cheers, Matthew=09 --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --osDK9TLjxFScVI/L Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAE7RxdtESqEQa7a0RAliPAJ9z8WuQPi9P38lTebu4c65WfPUrgwCfdhBu 2w7xzjEoK0qyJX3MBMd6GwE= =GVpZ -----END PGP SIGNATURE----- --osDK9TLjxFScVI/L--