Date: Fri, 1 Oct 2010 14:00:16 -0700
From: Jason
To: FreeBSD
Message-ID: <20101001210014.GD86640@eggman.experts-exchange.com>
References: <20101001121332.5b04fa61@scorpio> <20101001171420.GE40148@dan.emsphone.com> <20101001165940.5d0e73f5@scorpio>
In-Reply-To: <20101001165940.5d0e73f5@scorpio>
Subject: Re: Updating bzip2 to remove potential security vulnerability

On Fri, Oct 01, 2010 at 04:59:40PM -0400, Jerry thus spake:
>On Fri, 1 Oct 2010 12:14:20 -0500
>Dan Nelson articulated:
>
>> You must have missed
>> http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ;
>> patches for 6, 7, and 8 are available there, and freebsd-update has
>> fixed binaries if you use that.
>
>Never saw it. So I am assuming that simply using something like:
>
>csup -L2 -h cvsup.FreeBSD.org "/usr/src/share/examples/cvsup/standard-supfile"
>
>Then rebuild Kernel & World is not going to work. Is that correct?

The update instructions are in the announcement. Here is a snippet from it:

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-10:08/bzip2.patch
# fetch http://security.FreeBSD.org/patches/SA-10:08/bzip2.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libbz2
# make obj && make depend && make && make install

NOTE: On the amd64 platform, the above procedure will not update the
lib32 (i386 compatibility) libraries.
On amd64 systems where the i386 compatibility libraries are used, the
operating system should instead be recompiled as described in

3) To update your vulnerable system via a binary patch:

Systems running 6.4-RELEASE, 7.1-RELEASE, 7.3-RELEASE, 8.0-RELEASE or
8.1-RELEASE on the i386 or amd64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
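
Steps a) and b) of the quoted procedure as a fail-closed wrapper: the patch is applied only if the detached signature verifies and a dry run succeeds. This is an added example, not part of the original message or the advisory; the function name, the VERIFY_CMD override and the return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): refuse to touch the source tree
# unless the detached PGP signature on the patch verifies.
#
# Assumptions: gpg is the "PGP utility", the signer's public key is already
# in the keyring, and patch(1) understands --dry-run and -d.
# VERIFY_CMD is a hypothetical override for a different verifier.

apply_verified_patch() {
    patch_file=$1   # e.g. the downloaded bzip2.patch
    sig_file=$2     # e.g. the downloaded bzip2.patch.asc
    src_dir=$3      # e.g. /usr/src

    # A missing or empty download must never reach patch(1).
    if [ ! -s "$patch_file" ] || [ ! -s "$sig_file" ]; then
        echo "patch or signature missing or empty" >&2
        return 2
    fi

    # gpg --verify exits non-zero on a bad signature and also when the
    # signing key is not in the keyring, so both cases stop here.
    if ! ${VERIFY_CMD:-gpg --verify} "$sig_file" "$patch_file"; then
        echo "signature check failed, tree left untouched" >&2
        return 3
    fi

    # Dry run first: a patch that applies only partially would leave the
    # tree in a state that is neither old nor fixed.
    if ! patch -d "$src_dir" --dry-run < "$patch_file" >/dev/null; then
        echo "patch does not apply cleanly to $src_dir" >&2
        return 4
    fi

    patch -d "$src_dir" < "$patch_file"
}

# Usage, as root, after the two fetch commands from step a):
#   apply_verified_patch "$PWD/bzip2.patch" "$PWD/bzip2.patch.asc" /usr/src
# then continue with the advisory's build commands in /usr/src/lib/libbz2.
```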