From owner-freebsd-security@FreeBSD.ORG Wed Jan 7 17:36:45 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C2D1E56F for ; Wed, 7 Jan 2015 17:36:45 +0000 (UTC) Received: from mail-lb0-f169.google.com (mail-lb0-f169.google.com [209.85.217.169]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 388C6195B for ; Wed, 7 Jan 2015 17:36:44 +0000 (UTC) Received: by mail-lb0-f169.google.com with SMTP id p9so1473856lbv.14 for ; Wed, 07 Jan 2015 09:36:36 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=GK7nncQKJpwaUBDQDkYlG+l+J4l/K6Rm4r7JFzvm9ls=; b=RCKYqo5cN+RQrY1avHLOCq5UoguC2DwsRdnNJddglVRH7urs8URinj0LaK/t3GIAnf vyqNEuSbY8aO9uRlrxGxk9Dmyj+KUSpquziPyUHSN1Pf1PBG+tp9s9FyVgSqGKUb9Wl8 RcCMNeufY1hmJ/EyxcK8A9AOon9jYk2lgE+stmjv7PXg6TnNMQsEOOllrQnHuAzlJtPo +DXohLe2sWZyU9NOFIbbumqsgRNeYUtug2jilf13P19S69F4nfeFuTp+3GP1kSHAXXpD Z7ZeI1c7vnz3aml+mIzaD5XBv7s5pzEKmcnVDxe/gxcvcOW2KMhkLcmwcnzMOLaJgB/G F6pQ== X-Gm-Message-State: ALoCoQmXRs6i+sHpAzj2Rywcf8gNKMZqQcJ4IAJQlBIpwEuAKqxG1khFKZ2AxkZU5p/Sq12J688G X-Received: by 10.152.5.198 with SMTP id u6mr6765240lau.42.1420652196139; Wed, 07 Jan 2015 09:36:36 -0800 (PST) MIME-Version: 1.0 Received: by 10.112.141.201 with HTTP; Wed, 7 Jan 2015 09:35:55 -0800 (PST) X-Originating-IP: [68.178.93.3] In-Reply-To: <86tx09gj1m.fsf@nine.des.no> References: <20141223233310.098C54BB6@nine.des.no> <86h9wln9nw.fsf@nine.des.no> <549A5492.6000503@grosbein.net> <868uhx43i5.fsf@nine.des.no> <20141226200838.DE83DACE@hub.freebsd.org> <8661cy9jim.fsf@nine.des.no> <20141231195427.AECE022B@hub.freebsd.org> <86y4plgjnm.fsf@nine.des.no> <86tx09gj1m.fsf@nine.des.no> From: Leif Pedersen Date: Wed, 7 Jan 2015 11:35:55 -0600 Message-ID: Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:31.ntp To: =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: "freebsd-security@freebsd.org" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Jan 2015 17:36:45 -0000 On Fri, Jan 2, 2015 at 11:59 AM, Dag-Erling Sm=C3=B8rgrav wrot= e: > $ sudo env UNAME_r=3DX.Y-RELEASE freebsd-update -b /path/to/jail fetch > install I use freebsd-update enthusiastically, but I hadn't noticed the -b option before. I'm glad you mentioned it. I've always run freebsd-update inside of each jail, unnecessarily downloading everything repeatedly. It seems like -b doesn't work for upgrades though, unless I've missed something. Your example is for "fetch install", but naturally I extrapolated that it should work for "upgrade" also. Should one of the following work? My host has already been upgraded to 10.1 because it seems to me that upgrading the host first is required since a new kernel will support old userlands, but not necessarily the reverse (which I infer from the standard instructions to do installkernel before installworld). In this case, my jail is simply an independent directory; no nullfs magic or anything. # env UNAME_r=3D10.1-RELEASE freebsd-update -b /j/test upgrade freebsd-update: Release target must be specified via -r option. Or: # freebsd-update -b /j/test -r 10.1 upgrade freebsd-update: Cannot upgrade from 10.1-RELEASE to itself - Leif --=20 As implied by email protocols, the information in this message is not confidential. Any middle-man or recipient may inspect, modify, copy, forward, reply to, delete, or filter email for any purpose unless said parties are otherwise obligated. As the sender, I acknowledge that I have a lower expectation of the control and privacy of this message than I would a post-card. Further, nothing in this message is legally binding without cryptographic evidence of its integrity. http://bilbo.hobbiton.org/wiki/Eat_My_Sig