Re: How to install security updates ?
From: Guillaume Duc (guillaume_duc_at_yahoo.fr)
Date: Mon, 06 Oct 2003 08:57:08 +0200
> In article <firstname.lastname@example.org>, Guillaume Duc wrote:
>> I have been a Linux user for three years and I am testing FreeBSD. I
> As long as you don't assume ``FreeBSD is just the same as Linux'', and
> keep an eye open for the differences, you should be fine.

I have installed FreeBSD in order to see the differences between FreeBSD and
GNU/Linux and to choose between these two very good operating systems. :-)

>> installed FreeBSD 4.8-STABLE yesterday (I tried 5.1 but it didn't work
>> very well on my laptop: my ethernet pccard isn't recognized and XFree 4.3
>> doesn't want to start due to a bug in the siliconmotion driver).
> 4.8 is still the recommended release for people wanting a stable system.
> (You already knew why.)
>> I have installed several packages (my laptop is quite slow and I can't
>> compile everything from ports) and I have seen that there are some
>> security notifications for the 4.8 branch (such as openssl, filedesc...).
> That's base system stuff. You can't upgrade that with packages, short
> of a full binary install of^W^Wupgrade to a new release. And 4.9 isn't
> out yet. There is, however, a 4.9-RC1 release.
>> I wonder how to apply these security updates: the description in the
>> openssl advisory is quite confusing and for filedesc they ask to
>> recompile the core system. Is there any way to apply these security
>> updates without having to recompile something (is there some kind of
>> security packages) ?
> Not that I know of. If there is that I haven't seen, maybe someone in
> the froup can fill this bit in. Like many, I regularly do a source-
> level update through cvsup and recompile. Even on my p166.
> If your laptop is at least a pentium and has, say, at least 32MB of
> memory you can compile the kernel in less than two hours. The rest of
> the base system will take a bit longer, but if you give it a night that
> should be plenty for both. Do use script(1) to save the output in case
> of errors.

Ok, maybe I have overestimated the compilation time on my PIII 700 laptop.

> If you have a 4.8 (or even 4.7) cd you can install the source from that
> and cvsup it up to the latest patches -- cvsup is really efficient that
>> I have seen
>> that there is a branch called RELENG_4_8 but I don't know how to use it.
> That is source level stuff: you configure cvsup to sync your source to
> the latest patchlevel and rebuild, kernel and world. The handbook has a
> walkthrough for configuring cvsup:
> You'll want *default tag=RELENG_4_8 instead of *default tag=. for the
> source. You'll still want *default tag=. for upgrading ports though.
> (Yes, you can use different tags for different parts of the system.
> Other than tag=. for the ports collection you should use only one
> tag for all the sources and documentation.)
> If you have installed cvsup you have example supfiles on your system.

Thank you, I will try to recompile the kernel and the base system.

>> P.S.: Sorry for my bad English.
> Lessee; proper formatting, punctuation, quite acceptable language...
> You clearly spent some time getting your post right. That alone is much
> better than I've seen from postings from certain .com (or even .co.uk)
> addresses. Keep it up and there's no need to apologize.
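
The tag advice in the quoted reply above (RELENG_4_8 for the sources, tag=. for ports), as an added example that is not part of the original message: a shell check that resolves the effective tag of each collection in a supfile and flags sources that are not on the security branch. The supfile content is constructed, the host is a placeholder, the function names are hypothetical, and the checker assumes that `*default` fields apply to the collection lines after them and that a `tag=` on a collection line overrides the default.

```shell
#!/bin/sh
# Added example: audit a cvsup supfile against the tag advice in the thread.
# Assumption: "*default" fields apply to the collection lines after them, and
# a "tag=" on a collection line overrides the default for that collection.

# write_sample_supfile PATH: constructed supfile (host is a placeholder).
write_sample_supfile() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from the original message
*default host=CHANGE_THIS.FreeBSD.org
*default base=/usr
*default prefix=/usr
*default release=cvs tag=RELENG_4_8
*default delete use-rel-suffix
src-all
ports-all tag=.
EOF
}

# effective_tags FILE: print "collection tag" for every collection line.
effective_tags() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        $1 == "*default" {                       # update the running default
            for (i = 2; i <= NF; i++)
                if ($i ~ /^tag=/) deftag = substr($i, 5)
            next
        }
        {                                        # collection line
            tag = deftag
            for (i = 2; i <= NF; i++)
                if ($i ~ /^tag=/) tag = substr($i, 5)
            print $1, (tag == "" ? "(none)" : tag)
        }
    ' "$1"
}

# check_supfile FILE BRANCH: succeed only if every src-* collection tracks
# BRANCH and every ports-* collection tracks tag=. ; problems go to stdout.
check_supfile() {
    effective_tags "$1" | awk -v want="$2" '
        $1 ~ /^src-/   && $2 != want { print $1 ": tag " $2 ", expected " want; bad = 1 }
        $1 ~ /^ports-/ && $2 != "."  { print $1 ": tag " $2 ", expected ."; bad = 1 }
        END { exit bad + 0 }
    '
}

# Stand-alone use: sh check.sh /path/to/supfile [BRANCH]
if [ "$#" -gt 0 ]; then check_supfile "$1" "${2:-RELENG_4_8}"; fi
```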