Date: Tue, 6 Jan 2015 11:59:32 -0800 From: "Roger Marquis" <marquis@roble.com> To: =?iso-8859-1?Q?=22Dag-Erling_Sm=C3=B8rgrav=22?= <des@des.no> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:31.ntp In-Reply-To: <86y4plgjnm.fsf@nine.des.no> References: <20141223233310.098C54BB6@nine.des.no> <86h9wln9nw.fsf@nine.des.no> <549A5492.6000503@grosbein.net> <868uhx43i5.fsf@nine.des.no> <20141226200838.DE83DACE@hub.freebsd.org> <8661cy9jim.fsf@nine.des.no> <20141231195427.AECE022B@hub.freebsd.org> <86y4plgjnm.fsf@nine.des.no>
| previous in thread | raw e-mail | index | archive | help
> DES wrote: > I do it all the time: > $ sudo env UNAME_r=X.Y-RELEASE freebsd-update fetch install Not sure if using a jail to test is relevant but this never updates (my) binaries to the specified RELEASE/RELENG, only to the current kernel's patch level. Then there's the issue of specifying -RELEASE to mean -RELENG. > Not sure what you mean by scope issues. That's referring back to the original question of buildworld/installworld vs "cd /usr/src/path/to/patched/binary;make install" (vs freebsd-update) and the granularity of respective updates. > Actually, you want to do this from *outside* the jail, partly out of > healthy paranoia and partly so freebsd-update will re-use previously > downloaded indexes and patches Updates to non-jailed environments are the preferred method to be sure but patching and testing base updates in a jail can be more convenient. Roger
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?>