From owner-freebsd-questions@FreeBSD.ORG Sat Jun 25 05:51:42 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9C31C16A41F; Sat, 25 Jun 2005 05:51:42 +0000 (GMT) (envelope-from dennyboy@cableone.net) Received: from S1.cableone.net (smtp1.cableone.net [24.116.0.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5945443D49; Sat, 25 Jun 2005 05:51:42 +0000 (GMT) (envelope-from dennyboy@cableone.net) Received: from dualman.cableone.net (unverified [24.119.190.179]) by S1.cableone.net (CableOne SMTP Service S1) with ESMTP id 24000314 for multiple; Fri, 24 Jun 2005 22:51:57 -0700 Date: Sat, 25 Jun 2005 00:51:24 -0500 (CDT) From: Denny White To: Colin Percival In-Reply-To: <42BCDEDC.8080303@freebsd.org> Message-ID: <20050625002959.H74347@dualman.cableone.net> References: <42BCDEDC.8080303@freebsd.org> X-GPG-PUBLIC_KEY: http://wwwkeys.nl.pgp.net X-GPG-FINGERPRINT: D0A9 AD44 1F10 E09E OE67 EC25 CB44 F2E5 1644 E79A MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-IP-stats: Incoming Last 1, First 51, in=48, out=0, spam=0 X-External-IP: 24.119.190.179 X-Abuse-Info: Send abuse complaints to abuse@cableone.net Cc: freebsd-questions@freebsd.org Subject: re: freebsd-update fetch question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Jun 2005 05:51:42 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 24 Jun 2005, Colin Percival wrote: > I'm copy-and-pasting from the archives, since I'm not subscribed to > the freebsd-questions list; please CC me on replies. > > Denny White writes: >> [...] >> The following files are affected by security >> fixes, but have not been updated because they >> have been modified locally: > > To translate: "I looked at the files you have on disk, and I don't > recognize them -- they're not the files which shipped on the RELEASE > CD-ROMs, nor are they files which I provided to you. They might be > up to date, or they might not -- or you might have decided to replace > them with a program which calculates Pi. You'll have to decide what > you want to do with them yourself." > >> [...] >> FreeBSD dualman.cableone.net 5.4-RELEASE-p2 FreeBSD >> [...] >> >> So, I guess my question is, am I okay at this >> point, i.e., does freebsd-update's output mean >> they've already been fixed locally, or do I need >> to specify a branch and force an update on the >> files. > > If in doubt, read the advisory. FreeBSD security advisories > FreeBSD-SA-05:10.tcpdump and FreeBSD-SA-05:11.gzip say that the issues > were corrected in 5.4-RELEASE-p2, so if you did a buildworld and > installworld at the same time as you last updated your kernel (note > that the output of uname just tells you what version the kernel is, and > doesn't say anything about the world), then you're safe. > > Of course, assuming that you haven't deliberately changed those programs, > it wouldn't hurt to run > # freebsd-update --branch crypto fetch > # freebsd-update install > since that will just return those programs to their "canonical" form. (In > FreeBSD 5.3 and 5.4, there is only the "crypto" branch -- the releases no > longer ship with non-cryptographic binaries.) > > Colin Percival > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > Seems like I always forget to read something. Should've read the security advisories very first thing. Just taking me a while to put all this together. Like being caught in one those jokes where, right when you're suckered into it, you ask the question that elicits the punchline. You don't tend to forget those. :) Backup to the basics. In fairness, I constantly am into several bsd books I've bought, handbook, web sites, google, this list, etc. But, I should've thought to read there, right on the first page of the web site. Cvsup RELENG_5_4, make buildworld, make buildkernel, make installkernel, reboot, all ok, drop to single user, make installworld, mergemaster & so on. All done the same time. So, should be good to go.Thanks for the help & the wakeup call, too. Denny White -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFCvPDpy0Ty5RZE55oRAnLhAJ4pYY4JfCQGjG8TZQZf9u6SHCkjMwCfSiGI s0/dVxUVAPkgPyww7WoAkOU= =Ng0S -----END PGP SIGNATURE-----