From owner-freebsd-questions@freebsd.org Mon Oct 10 21:55:16 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AFE77C0C673 for ; Mon, 10 Oct 2016 21:55:16 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [IPv6:2001:8b0:151:1:c4ea:bd49:619b:6cb3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 43F6CEF9 for ; Mon, 10 Oct 2016 21:55:16 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from liminal.local (unknown [IPv6:2001:8b0:151:1:1c1d:86a1:a200:b700]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id F33B3AB23 for ; Mon, 10 Oct 2016 21:55:11 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none header.from=FreeBSD.org Authentication-Results: smtp.infracaninophile.co.uk/F33B3AB23; dkim=none; dkim-atps=neutral Subject: Re: Freebsd-update to the new 11.0 release To: freebsd-questions@freebsd.org References: <4A0EB764-FACF-4D30-8844-E2A85026E23C@mail.sermon-archive.info> From: Matthew Seaman Message-ID: Date: Mon, 10 Oct 2016 22:55:04 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 In-Reply-To: <4A0EB764-FACF-4D30-8844-E2A85026E23C@mail.sermon-archive.info> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="OGV7Ru3u9HWDLH8aWhMKbU9am8d5OaQCI" X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_00,RDNS_NONE, SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on smtp.infracaninophile.co.uk X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Oct 2016 21:55:16 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --OGV7Ru3u9HWDLH8aWhMKbU9am8d5OaQCI Content-Type: multipart/mixed; boundary="G2uVeAejfSV4lbqDH28C8xIdPNEgx0R5S"; protected-headers="v1" From: Matthew Seaman To: freebsd-questions@freebsd.org Message-ID: Subject: Re: Freebsd-update to the new 11.0 release References: <4A0EB764-FACF-4D30-8844-E2A85026E23C@mail.sermon-archive.info> In-Reply-To: <4A0EB764-FACF-4D30-8844-E2A85026E23C@mail.sermon-archive.info> --G2uVeAejfSV4lbqDH28C8xIdPNEgx0R5S Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 10/10/2016 20:45, Doug Hardie wrote: > The announcement email includes the following: >=20 > Upgrading from FreeBSD 11.0-RELEASE >=20 > # : > /usr/bin/bspatch > # freebsd-update fetch > # freebsd-update install >=20 >=20 > That is different from the 11.0 Release notes description. It does > not include the first line with bspatch. I don't use sh much so > haven't quite figured out what that first line is doing. But, it > seems there should be consistency between the announcement and the > release notes. Which is the "right" way? Zeroing bspatch is correct here. This disables (well, duh!) bspatch, and so avoids the possibility of exploiting any of the bspatch heap overflow, etc, vulnerabilities described in https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc Be aware that because of the unfortunate timing of when various fixes went into the 11.0-RELEASE sources there had been a number of people who prematurely downloaded 11.0-RELEASE *before* the official announcement and who therefore have not got the fixes to the latest set of security advisories. 11.0-RELEASE was effectively re-rolled and released as 11.0-RELEASE-p1 and special care was taken so that freebsd-update(8) could upgrade from the prematurely downloaded 11.0-RELEASE as well as from the officially blessed 11.0-RELEASE-p1. Remember folks, it's not been released until the fat lady sings^W^W^W release engineer signs the announcement. Cheers, Matthew --G2uVeAejfSV4lbqDH28C8xIdPNEgx0R5S-- --OGV7Ru3u9HWDLH8aWhMKbU9am8d5OaQCI Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJX/A4/XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATyXoP/0a0/GcZ2QJhkFiTm3GlHb2S +d/rbwQbOr1s1ZL4K4e5T/m+nBk+J0mtzI20UfpOqz+CHGK67B6lUlUanRwNUlN1 NNx0RLpazqU5qauoKYTy68LvptS4lyNXlVBp6xZgkw6glx/nZYJS3MvR29aw0gVH 1qmewmlRjFs34iOwNeHKYLb4UQwlOWwxAY35QnAkT/S794JnZcd0GNw8x6wACMfh BtlyFBIvC1MJ+sngTBoB+58KSbf7Muv3v5AUshZvlpe141LmkbctCaeGuS7leCWF hraUmDFH1oQ7QoSFTueALMk5v494qqENKu0auxCXfT7ZjAWruho3qZJyryB+QJUo L2AHhlEM5xGs5qkdgd+pC9RDS0Uc2r6KhcJSuU5LEvL9ZaZ2Mihp0BCnYjjQFtze 7PTsnLLJPUR0R3PFP6YhL2P6Tnoenfw5CgZRUk/ye1T/uCD8s3vL+lY0QwWkRyel LotptkRI6wcJU4xygkyriWBc58WUJoOMH8KyYFW9/lDvXrzAmbfbxXt2+8JxoCcV 5qWrWWhp+sG5oA4GY7di1+UAtvC+wCnQwVrx7EMLTMM9bkiNL/T7UZyf1P1ZD5Sz 7Ygk41P8MXsZ4q2MDjRh5a1SEXX2w5lCQBJL7EJ4WouVd8VNXUlzJQiw1TL16lQR PwH/DwVwYCksYyjuS5xI =2Zkq -----END PGP SIGNATURE----- --OGV7Ru3u9HWDLH8aWhMKbU9am8d5OaQCI--