Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 27 May 2002 12:37:01 +0100
From:      Daniel Bye <DAN@SlightlyStrange.org>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Security update howto?
Message-ID:  <20020527113701.GA24194@icarus.slightlystrange.org>
In-Reply-To: <AE7FA198-70F0-11D6-905D-000A278CC960@antsclimbtree.com>
References:  <B8CE1F2A.B8A%mark@antsclimbtree.com> <AE7FA198-70F0-11D6-905D-000A278CC960@antsclimbtree.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, May 26, 2002 at 02:36:47PM -0700, Mark Edwards wrote:
> I've got an install of FreeBSD 4.5 running along quite nicely and I'm 
> subscribed to the security mailing list.  Every once in a while I get a 
> security notice that recommends "Upgrade your vulnerable system to 
> 4.5-STABLE or the RELENG_4_4 or RELENG_4_5 security branch dated after the 
> respective correction dates."
> 
> I've looked around for more info on this, and I'm still a bit confused.  
> What is the best way to stay on top of security updates on FreeBSD?  I just 
> want a no-hassle update to stay on top of this stuff.  Am I supposed to use 
> CVS to download new source and rebuild from that?  I've used CVS to update 
> my /usr/ports directory with no problem.  Is there a  way to do a binary 
> update for security purposes only?
> 
> Where do I go for clear-cut information on this process?
> 

Hi Mark,

I use cvsup to stay on top of this.  Use the tag RELENG_4_5.  Once you
have synchronised your source, you can either do a make world (see ch9
and 19 in the handbook for details) and rebuild the entire base system and
kernel, or you can simply rebuild the affected application (I think they
provide instructions with each security bulletin).  The make world is 
probably the safest way to do it, as that way you know you are getting 
all changes merged into the source tree since your last rebuild.

There is an experimental binary-only upgrade path in testing - if you 
use it, you are expected to provide feedback on how you find it.  I have
not tried it, so can't comment on any benefits it might offer over doing
it all manually.  You can get more details in section V.3 of the latest
security notification (bzip2).

I don't think you will get a truly hassle-free way of doing it - you will
have to invest a certain amount of effort to stay up to date, but it soon
becomes second nature, and is certainly worth it in the long run.

Dan

-- 
Daniel Bye

PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020527113701.GA24194>