From owner-freebsd-questions@FreeBSD.ORG Wed Mar 3 08:40:25 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2257216A4CE for ; Wed, 3 Mar 2004 08:40:25 -0800 (PST) Received: from smtp.infracaninophile.co.uk (ns0.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6537743D31 for ; Wed, 3 Mar 2004 08:40:24 -0800 (PST) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost.infracaninophile.co.uk [IPv6:::1])i23GeC2p033655 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 3 Mar 2004 16:40:12 GMT (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost)id i23GeCXk033654; Wed, 3 Mar 2004 16:40:12 GMT (envelope-from matthew) Date: Wed, 3 Mar 2004 16:40:12 +0000 From: Matthew Seaman To: Ronald Clark Message-ID: <20040303164012.GC32905@happy-idiot-talk.infracaninophile.co.uk> Mail-Followup-To: Matthew Seaman , Ronald Clark , Ed Budd , freebsd-questions@freebsd.org References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="0lnxQi9hkpPO77W3" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.6i X-Spam-Status: No, hits=-4.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on happy-idiot-talk.infracaninophile.co.uk cc: freebsd-questions@freebsd.org Subject: Re: latest security advisory and 5.1R X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 16:40:25 -0000 --0lnxQi9hkpPO77W3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 03, 2004 at 08:35:00AM -0600, Ronald Clark wrote: > I have what I hope is a simple question. If I cvsup my sources and > complete the makeworld and installworld processes, will that install the > patch, or do I need to apply manually and recompile the kernel? (I have > been under the impression that doing a cvsup would download and install > the patch when sources were updated) So long as you are cvsup'ing one of the branches where the fix has been applied: that's HEAD, RELENG_5_2, RELENG_4_9, RELENG_4_8 or RELENG_4, then yes: cvsup, followed by make {build,install}{world,kernel} will remove the vulnerability. It seems that the fix has not been applied to the RELENG_5_1 branch, so 5.1-RELEASE users really should think about upgrading to 5.2.1-RELEASE. You can download the patches as shown in the advisory and apply them by hand if you really want to, but that should be left to masochists only as it does pretty well exactly what cvsup'ing does, except it takes a lot more concentration and has a greater risk of fat-fingering the keyboard and so shooting yourself in the foot. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --0lnxQi9hkpPO77W3 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFARgpsdtESqEQa7a0RAs2AAJ9Aq4Ss6lrj+MU5QZW6jNpDBK9MEACeLRu2 EhMrNQMqof/YUSIy+1e9cQY= =wbMf -----END PGP SIGNATURE----- --0lnxQi9hkpPO77W3--