From: Brett Glass
To: Colin Percival, stable@freebsd.org
Date: Thu, 28 Aug 2003 13:54:08 -0600
Subject: Re: Need to build some systems this week. Snapshots?
Message-Id: <4.3.2.7.2.20030828133145.0313d860@localhost>
In-Reply-To: <5.0.2.1.1.20030828110441.02d9f580@popserver.sfu.ca>
References: <4.3.2.7.2.20030828120019.0324b6a0@localhost> <5.0.2.1.1.20030828103403.02d683a8@popserver.sfu.ca> <200308280638.AAA19221@lariat.org>

At 12:16 PM 8/28/2003, Colin Percival wrote:

>At 12:01 28/08/2003 -0600, Brett Glass wrote:
>>Will this fix everything that needs to be recompiled to avoid the realpath()
>>bug?
>
>   Yes, that's the whole point of FreeBSD Update.  Read my paper, or come
>to BSDCon, for details; but rest assured that if you start with a binary
>install from the official FTP or ISO releases, and don't recompile any of
>the world locally, FreeBSD Update will update any binaries which are
>affected by modifications in the security branch.

That's great. What does one do about packages and ports?

It appears that the binary packages on the FreeBSD servers are never
updated between releases... which means that if a bug is in a package
or is compiled into a package (as with the realpath problem), the FreeBSD
servers keep sending out exploitable copies of that package indefinitely.
The situation with ports is a bit better, but how does one know which ones
to recompile and reinstall? Does your update system handle this situation
and/or warn about it?

--Brett