Date: Fri, 18 Nov 2011 15:12:31 -0500 From: Tom Carpenter <tomc@bio.umass.edu> To: freebsd-questions@freebsd.org Subject: Re: 8.2-RELEASE-p4 Message-ID: <4EC6BC2F.5030907@bio.umass.edu> In-Reply-To: <4EC13877.3070704@bio.umass.edu> References: <005301cca2b7$add11f20$09735d60$@co.ke> <4EC13877.3070704@bio.umass.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Is it not possible/not intended for kernels to be updated via freebsd-update? If kernels can be updated via freebsd-update will there be a release of an fix/update that will allow systems to be patched/updated to -p4 or later? -Tom Carpenter > On 11/14/2011 05:25 AM, Evalyn wrote: >> It touches the kernel but you need to do make builkernel/make installkernel >> before uname -a shows "8.2-RELEASE-p4". >> >> Regards, >> Evalyn >> >> >> -----Original Message----- >> From: owner-freebsd-questions@freebsd.org >> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Matthew Seaman >> Sent: 12 November 2011 02:03 >> To: Robert Simmons >> Cc: freebsd-questions@freebsd.org >> Subject: Re: 8.2-RELEASE-p4 >> >> On 11/11/2011 21:03, Robert Simmons wrote: >>>> Note that if a security update is just to some userland programs, >>>>> freebsd-update won't touch the OS kernel, so the reported version >>>>> number doesn't change even though the update has been applied. In >>>>> these sort of cases, it's not necessary to reboot, just to restart >>>>> any long running processes (if any) affected by the update. The >>>>> security advisory should have more detailed instructions about >>>>> exactly what to do. (The -p2 to >>>>> -p3 update was like this, but the -p3 to -p4 update definitely did >>>>> affect the kernel so a reboot was necessary.) >>> I'm not confident that you are correct here. See above. Either p3-p4 >>> did not touch the kernel, or the OP has a legitimate question. >> Interesting. I based what I said on the text of the security advisories: >> >> http://security.freebsd.org/advisories/FreeBSD-SA-11:04.compress.asc >> http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc >> >> Specifically the 'Corrected:' section near the top. I think it's clear that >> FreeBSD-SA-11:04.compress (Corrected in 8.2-RELEASE-p3) doesn't involve >> anything in the kernel but FreeBSD-SA-11:05.unix (Corrected in >> 8.2-RELEASE-p4) is entirely within the kernel code. Except those advisories >> aren't telling the whole story. >> >> Lets look at r226023 in SVN. That's the revision quoted in the 11.05 >> advisory. The log for newvers.sh in >> >> http://svnweb.freebsd.org/base/releng/8.2/sys/conf/newvers.sh?view=log&pathr >> ev=226023 >> >> says that the patches in RELEASE-p4 were not actually the security fix >> -- rather they fixed a problem revealed by the actual security fix, which >> was applied simultaneously with the patches in FreeBSD-SA-11:04.compress. >> 11.05 was committed in two blobs spanning >> -p3 and -p4. >> >> So, the good news is that if you have at least 8.2-RELEASE-p3 then you don't >> have any (known) security holes. However if you don't have the patches in >> 8.2-RELEASE-p4 then linux apps run under emulation will crash if they use >> unix domain sockets. The flash plugin for FireFox being the most prominent >> example as I recall. >> >> Now the updates for -p4 certainly should have touched the kernel, and >> certainly should have resulted in an updated uname string[*]. There should >> also be a note about -p4 in /usr/src/UPDATING. Starting to wonder if the >> -p4 patches are actually available via freebsd-update(8) >> -- could they have been omitted because it wasn't actually a security fix? >> Odd that no one would have commented in a whole month if so. >> >> Cheers, >> >> Matthew >> >> >> >> [*] strings /boot/kernel/kernel | grep '8\.2-' should give the same >> results as uname(1): if it's different then the running kernel is not the >> same as the one on disk... >> >> > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4EC6BC2F.5030907>