Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 2 Mar 2005 11:45:45 -0600
From:      Nathan Kinkade <nkinkade@ub.edu.bz>
To:        Stevan Tiefert <stevan@rot-1.de>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: security advisories and the creating time of my system
Message-ID:  <20050302174545.GT3678@gentoo-npk.bmp.ub>
In-Reply-To: <20050302182210.U25321@mail.rot-1.de>
References:  <20050302162016.W24958@mail.rot-1.de> <20050302154409.GO3678@gentoo-npk.bmp.ub> <4225E3D7.7030709@locolomo.org> <20050302161524.GR3678@gentoo-npk.bmp.ub> <20050302182210.U25321@mail.rot-1.de>

next in thread | previous in thread | raw e-mail | index | archive | help

--Q43QQdzFtqSKgsg+
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Mar 02, 2005 at 06:25:48PM +0100, Stevan Tiefert wrote:
> On Wed, 2 Mar 2005, Nathan Kinkade wrote:
>=20
> > On Wed, Mar 02, 2005 at 05:03:35PM +0100, Erik Norgaard wrote:
> > > Nathan Kinkade wrote:
> > > >>The security advisory give me the possibility to patch my system or=
 to
> > > >>download the "patched" FreeBSD via ftp. How can I recognize which c=
reation
> > > >>time the running system has?
> > > >
> > > >Try the command `uname -v`.
> > >
> > > AFAIK this command tells you the build time, but now how fresh the
> > > source was.
> > >
> > > Erik
> >
> > Yes, you are correct, but he mentions that he wants to know the
> > "creation" (build?) time of the "running system," so I figured that the
> > date/time provided by uname was what he was looking for.  Maybe you are
> > right, though.  Perhaps more important is whether his sources are newer
> > than the fix date.
> >
> > Nathan
>=20
> Hello Nathan,
>=20
> I need the date/time to decide if I need to download a version from the
> ftp-server in belief I would not need to patch my system anymore. But you
> are writing there is a better method to decide when a download is
> necessary or not? Which one?

No, I don't mean to imply that there is a better method.  It just
depends on what you are trying to determine.  If you regularly use cvsup
to update your sources and you have cvsup'd since the correction date of
the security warning then you don't need to download the patch, as you
would already have merged the corrections into the source tree on your
local machine.  In that case, you could just recompile the utility, or
the kernel, as they case may be.  If you have no idea whether you have
sync'd your sources since the correction date of the security date, then
you can alway look at the CVS version string in the file in question.
It will look something like:

$FreeBSD: src/sbin/ifconfig/ifconfig.c,v 1.92 2003/10/26 04:36:47 peter Exp=
 $

Basically, if your sources, or the particular source file in question,
are not newer than correction date listed in the security alert then you
need to follow the directions to fix or workaround the problem.

Nathan

--Q43QQdzFtqSKgsg+
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCJfvJO0ZIEthSfkkRAqppAJ0eC7Mh77pyviORrqvlrqWv9nsULwCfXsVf
ZT80aIDKdUwIjG4HkaI5oG0=
=TU/8
-----END PGP SIGNATURE-----

--Q43QQdzFtqSKgsg+--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050302174545.GT3678>