From owner-freebsd-questions@freebsd.org Mon Oct 10 22:02:26 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8C3F3C0C8A8 for ; Mon, 10 Oct 2016 22:02:26 +0000 (UTC) (envelope-from doug@mail.sermon-archive.info) Received: from zoom.lafn.org (zoom.lafn.org [108.92.93.123]) by mx1.freebsd.org (Postfix) with ESMTP id 768E93D9; Mon, 10 Oct 2016 22:02:25 +0000 (UTC) (envelope-from doug@mail.sermon-archive.info) Received: from [10.0.1.4] (unknown [71.177.216.148]) by zoom.lafn.org (Postfix) with ESMTPSA id B4EBF34ACF1; Mon, 10 Oct 2016 15:02:24 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\)) Subject: Re: Freebsd-update to the new 11.0 release From: Doug Hardie In-Reply-To: Date: Mon, 10 Oct 2016 15:02:24 -0700 Cc: freebsd-questions@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <049978C4-1D04-4B6E-B7A4-9D0FE2233037@mail.sermon-archive.info> References: <4A0EB764-FACF-4D30-8844-E2A85026E23C@mail.sermon-archive.info> To: Matthew Seaman X-Mailer: Apple Mail (2.3226) X-Virus-Scanned: clamav-milter 0.98 at zoom.lafn.org X-Virus-Status: Clean X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Oct 2016 22:02:26 -0000 I believe the fat lady already sang..... =46rom this morning mail = (abbreviated) Date: Mon, 10 Oct 2016 17:43:33 +0000 (UTC) From: gjb@FreeBSD.org (Glen Barber) Subject: [FreeBSD-Announce] FreeBSD 11.0-RELEASE Now Available X-BeenThere: freebsd-announce@freebsd.org List-Subscribe: = ,=20 Reply-To: FreeBSD Release Engineering Team Cc: FreeBSD Release Engineering Team -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 FreeBSD 11.0-RELEASE Announcement The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 11.0-RELEASE. This is the first release of = the stable/11 branch. Your description of the need for zapping bspatch should have been = included in the release announcement. Its a change (hopefully = temporarily) from the normal procedure in the handbook and in the = Release Notes. > On 10 October 2016, at 14:55, Matthew Seaman = wrote: >=20 > On 10/10/2016 20:45, Doug Hardie wrote: >> The announcement email includes the following: >>=20 >> Upgrading from FreeBSD 11.0-RELEASE >>=20 >> # : > /usr/bin/bspatch >> # freebsd-update fetch >> # freebsd-update install >>=20 >>=20 >> That is different from the 11.0 Release notes description. It does >> not include the first line with bspatch. I don't use sh much so >> haven't quite figured out what that first line is doing. But, it >> seems there should be consistency between the announcement and the >> release notes. Which is the "right" way? >=20 > Zeroing bspatch is correct here. This disables (well, duh!) bspatch, > and so avoids the possibility of exploiting any of the bspatch heap > overflow, etc, vulnerabilities described in > = https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc >=20 > Be aware that because of the unfortunate timing of when various fixes > went into the 11.0-RELEASE sources there had been a number of people = who > prematurely downloaded 11.0-RELEASE *before* the official announcement > and who therefore have not got the fixes to the latest set of security > advisories. 11.0-RELEASE was effectively re-rolled and released as > 11.0-RELEASE-p1 and special care was taken so that freebsd-update(8) > could upgrade from the prematurely downloaded 11.0-RELEASE as well as > from the officially blessed 11.0-RELEASE-p1. >=20 > Remember folks, it's not been released until the fat lady sings^W^W^W > release engineer signs the announcement. >=20 > Cheers, >=20 > Matthew