From owner-freebsd-questions@FreeBSD.ORG Fri Oct 1 21:27:15 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id ADE40106566B for ; Fri, 1 Oct 2010 21:27:15 +0000 (UTC) (envelope-from freebsd.user@seibercom.net) Received: from mail-pz0-f54.google.com (mail-pz0-f54.google.com [209.85.210.54]) by mx1.freebsd.org (Postfix) with ESMTP id A09D48FC0C for ; Fri, 1 Oct 2010 21:27:05 +0000 (UTC) Received: by pzk1 with SMTP id 1so69457pzk.13 for ; Fri, 01 Oct 2010 14:27:05 -0700 (PDT) Received: by 10.142.217.17 with SMTP id p17mr5324097wfg.65.1285968391277; Fri, 01 Oct 2010 14:26:31 -0700 (PDT) Received: from scorpio.seibercom.net (cpe-071-077-039-064.nc.res.rr.com [71.77.39.64]) by mx.google.com with ESMTPS id m4sm718650vcg.0.2010.10.01.14.26.29 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 01 Oct 2010 14:26:30 -0700 (PDT) Received: from scorpio (zeus [192.168.1.1]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: FreeBSD.user@scorpio.seibercom.net) by scorpio.seibercom.net (Postfix) with ESMTPSA id 2AAB8E54835 for ; Fri, 1 Oct 2010 17:26:28 -0400 (EDT) Date: Fri, 1 Oct 2010 17:26:27 -0400 From: Jerry To: FreeBSD Message-ID: <20101001172627.395ce647@scorpio> In-Reply-To: <20101001210014.GD86640@eggman.experts-exchange.com> References: <20101001121332.5b04fa61@scorpio> <20101001171420.GE40148@dan.emsphone.com> <20101001165940.5d0e73f5@scorpio> <20101001210014.GD86640@eggman.experts-exchange.com> Organization: seibercom.net X-Mailer: Claws Mail 3.7.6 (GTK+ 2.20.1; amd64-portbld-freebsd8.1) Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAG1BMVEX3/uPVnZf2/v9ejGkqHB74++H///+cHCT3m6cgqYvfAAACbElEQVQ4jWXTQW/bIBQAYJLJuRMn8TVCss9zTdrrXJ6bHe1Ej/bossF9EpJ3nbapf3sP8JxOQ4qV8OU9HvjBROWcYNlKHtxlQ1/huBaOBiMwQtgHhbokMLIT76Acps5hvy61+6WsjkCZzNEW0+fcQ7Nl5uoPCegjjjhN5/MEABd89k9hXkQoX6cwPIDKCt8tYG5wpmdrxAyuolTPqpiVoEpVCWvl6e00RAD4JBJQnO4lvv0O4Cnd3WUGevYNFohxFYAy7jCCtW39LaQK8BgDAgiHVinVJlCiFKlcqgEHfwb1EuG+DwFGMO3oCIuJIEYoa8KJECBB+UBldgm0MQmEGz7GQr8XYRPKzYNO1zZ8mgdAu4BG5Ke/4KFboM8458UScViAAvYD93OAsu+Bc3zxCU7ZAjT74+dQv9K7oO0d1wuscop48Pc50O5bcVwgGzh/mXzaizJuAWERh8k3eaxKmxu4kV1p2XOEg3i3c8M+EKR93P0D1KATpC55vMHaGqFf5f/AwhlrhHgg8DTezopt6I3o3Qx4q4q6YaPxK8RxcClXeFGhTTS++QR6TS/oBs7l4WhzuNMubZG6hIBkF4qqZVdWczIqSrjKVF/i4o26IP2oElBGFy5CXKSnf6UWDTC6zKSqoAvzsakjjBvdzLKnmxdhY8eRsX7VSCUBdgD1hVJpx6y2OOS1DNDILYmqdWUJ+oHvd0rRvAqX5kpxQMR6yxHzPV6VlPFyWE7LKc36keNQI64gLP8Ybgtmg+zYuBl4fuI8VqW2RqDGE8Uzu7GxGa803whDdxx3bSZbRhfQUSxvmnpLZWpRFqHz7v8AvsBe0S1zv9UAAAAASUVORK5CYII= Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Subject: Re: Updating bzip2 to remove potential security vulnerability X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: FreeBSD List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Oct 2010 21:27:15 -0000 On Fri, 1 Oct 2010 14:00:16 -0700 Jason articulated: > On Fri, Oct 01, 2010 at 04:59:40PM -0400, Jerry thus spake: > >On Fri, 1 Oct 2010 12:14:20 -0500 > >Dan Nelson articulated: > > > >> You must have missed > >> http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ; > >> patches for 6, 7, and 8 are available there, and freebsd-update has > >> fixed binaries if you use that. > > > >Never saw it. So I am assuming that simply using something like: > > > >csup -L2 -h cvsup.FreeBSD.org > >"/usr/src/share/examples/cvsup/standard-supfile" > > > >Then rebuild Kernel & World is not going to work. Is that correct? > > The update instructions are in the announcement. Here is a snippet > from it: > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch http://security.FreeBSD.org/patches/SA-10:08/bzip2.patch > # fetch http://security.FreeBSD.org/patches/SA-10:08/bzip2.patch.asc > > b) Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > # cd /usr/src/lib/libbz2 > # make obj && make depend && make && make install > > NOTE: On the amd64 platform, the above procedure will not update the > lib32 (i386 compatibility) libraries. On amd64 systems where the i386 > compatibility libraries are used, the operating system should instead > be recompiled as described in > > > 3) To update your vulnerable system via a binary patch: > > Systems running 6.4-RELEASE, 7.1-RELEASE, 7.3-RELEASE, 8.0-RELEASE or > 8.1-RELEASE on the i386 or amd64 platforms can be updated via the > freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install I all ready read that. If you reread my post, I was inquiring about simply downloading the source tree and then rebuilding world. The portion regarding amd64 systems pertains to me. Notice: On the amd64 platform, the above procedure will not update the > lib32 (i386 compatibility) libraries. On amd64 systems where the i386 > compatibility libraries are used, the operating system should instead > be recompiled as described in > Am I to infer that I could simply download the sources and rebuild world, or do I have to download the patches first? It would appear that I can simply update the sources and rebuild my kernel & world. Your post failed to address the question I posed. -- Jerry ✌ FreeBSD.user@seibercom.net Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________