Date: Fri, 1 Oct 2010 17:49:29 -0400
From: Jerry
To: FreeBSD
Message-ID: <20101001174929.16d43ac1@scorpio>
In-Reply-To: <20101001222316.00004e8c@unknown>
References: <20101001121332.5b04fa61@scorpio> <20101001171420.GE40148@dan.emsphone.com> <20101001165940.5d0e73f5@scorpio> <20101001210014.GD86640@eggman.experts-exchange.com> <20101001222316.00004e8c@unknown>
Organization: seibercom.net
Subject: Re: Updating bzip2 to remove potential security vulnerability

On Fri, 1 Oct 2010 22:23:16 +0100
Bruce Cran articulated:

> On Fri, 1 Oct 2010 14:00:16 -0700
> Jason wrote:
>
> > On Fri, Oct 01, 2010 at 04:59:40PM -0400, Jerry thus spake:
> > >On Fri, 1 Oct 2010 12:14:20 -0500
> > >Dan Nelson articulated:
> > >
> > >> You must have missed
> > >> http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ;
> > >> patches for 6, 7, and 8 are available there, and freebsd-update
> > >> has fixed binaries if you use that.
> > >
> > >Never saw it. So I am assuming that simply using something like:
> > >
> > >csup -L2 -h cvsup.FreeBSD.org
> > >"/usr/src/share/examples/cvsup/standard-supfile"
> > >
> > >Then rebuild Kernel & World is not going to work. Is that correct?
> >
> > The update instructions are in the announcement. Here is a snippet
> > from it:
>
> Or yes, you can just update to the latest sources via csup - it's been
> fixed in all supported security branches as well as HEAD (see
> http://svn.freebsd.org/viewvc/base/releng/8.1/UPDATING?view=log for
> example).

OK, I just updated my sources; however, this notation from the UPDATING
file does NOT appear in the UPDATING file on my machine:

20100920: p1 FreeBSD-SA-10:08.bzip2
        Fix an integer overflow in RLE length parsing when decompressing
        corrupt bzip2 data.

I am using this as the tag, which is probably incorrect.

default release=cvs tag=RELENG_8

This is the stock standard-supfile. The stock stable-supfile has the
same tag.

-- 
Jerry ✌
FreeBSD.user@seibercom.net

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________
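
A way to run the check this message describes, as an added example that is not part of the original message or of FreeBSD's own tooling: the script reads the `tag=` value from a supfile and reports whether an UPDATING file lists a given advisory ID. The supfiles, the UPDATING files and their pairing are constructed samples, the function names are hypothetical, and the branch classification assumes FreeBSD's CVS tag naming (`RELENG_8` a stable branch, `RELENG_8_1` a release/security branch).

```shell
#!/bin/sh
# Added example: which branch does a supfile track, and does a source
# tree's UPDATING file list a given advisory? All sample files are constructed.

supfile_tag() {      # print the first tag= value found outside comments
    awk '!/^[ \t]*#/ { for (i = 1; i <= NF; i++)
             if ($i ~ /^tag=/) { print substr($i, 5); exit } }' "$1"
}

branch_kind() {      # classify a tag by FreeBSD CVS naming (assumption)
    case "$1" in
        .)                    echo head ;;
        RELENG_*_RELEASE)     echo release-tag ;;
        RELENG_[0-9]*_[0-9]*) echo security-branch ;;
        RELENG_[0-9]*)        echo stable-branch ;;
        *)                    echo unknown ;;
    esac
}

has_advisory() {     # has_advisory UPDATING-file advisory-id
    grep -Fq -- "$2" "$1"
}

check_tree() {       # check_tree supfile UPDATING-file advisory-id
    tag=$(supfile_tag "$1")
    if has_advisory "$2" "$3"; then state=listed; else state=not-listed; fi
    echo "$tag $(branch_kind "$tag") $state"
}

# --- constructed sample input -----------------------------------------
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# constructed supfile' '*default host=cvsup.FreeBSD.org' \
    '*default release=cvs tag=RELENG_8' 'src-all' > "$demo/stable-supfile"
sed 's/tag=RELENG_8/tag=RELENG_8_1/' "$demo/stable-supfile" \
    > "$demo/releng-supfile"
printf '%s\n' '20100920: p1 FreeBSD-SA-10:08.bzip2' \
    '        Fix an integer overflow in RLE length parsing when decompressing' \
    '        corrupt bzip2 data.' > "$demo/UPDATING.with-entry"
printf '%s\n' '20100720:' '        (constructed, unrelated entry)' \
    > "$demo/UPDATING.without-entry"

ADV=FreeBSD-SA-10:08.bzip2
check_tree "$demo/stable-supfile" "$demo/UPDATING.without-entry" "$ADV"
check_tree "$demo/releng-supfile" "$demo/UPDATING.with-entry" "$ADV"
```

On a real system the arguments would be the supfile passed to `csup` and `/usr/src/UPDATING`.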