From owner-freebsd-questions@FreeBSD.ORG Mon Oct 31 01:43:02 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2574F16A41F for ; Mon, 31 Oct 2005 01:43:02 +0000 (GMT) (envelope-from infofarmer@gmail.com) Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.207]) by mx1.FreeBSD.org (Postfix) with ESMTP id AF01F43D45 for ; Mon, 31 Oct 2005 01:43:01 +0000 (GMT) (envelope-from infofarmer@gmail.com) Received: by zproxy.gmail.com with SMTP id x3so790679nzd for ; Sun, 30 Oct 2005 17:43:01 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=cdERZw9n2t85fszAF90oF22ulo7RZz6gfOmST/WJtAOXYuFyhmWE3M5xbBOXCQgtwfNi/BvX4OMEr+hNynteJdG8P8b5iDcjZu8KVJ1L5p+I+GtM3PYugz4lImHvh1PeKTsZr7AVRzAiqoWc75d85Gb4g5mDBWSqYABVSkqs/A8= Received: by 10.36.227.1 with SMTP id z1mr2859291nzg; Sun, 30 Oct 2005 17:43:01 -0800 (PST) Received: by 10.37.20.34 with HTTP; Sun, 30 Oct 2005 17:43:00 -0800 (PST) Message-ID: Date: Mon, 31 Oct 2005 04:43:00 +0300 From: "Andrew P." To: "Grigory O. Ptashko" In-Reply-To: <1087232230.20051031003352@bk.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <1087232230.20051031003352@bk.ru> Cc: freebsd-questions@freebsd.org Subject: Re: Buildworld and Security advisories. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Oct 2005 01:43:02 -0000 On 10/31/05, Grigory O. Ptashko wrote: > Hello, list. > > I am new to FreeBSD source upgrading/patching source tree system. > After reading the following chapters from the handbook: > > 14.14 FreeBSD Security Advisories > 20 The Cutting Edge (about rebuilding "world") > > I have some questions. > > 1) If I install a FreeBSD RELEASE on a machine what do I have to do to > patch all those bugs listed in FreeBSD Security Advisories? > Is it enough to synchronize my source tree with the STABLE branch or > do I have to get all patches and apply them manualy? > And if I must patch the source tree manualy do I have to do this after > synchronizing the source tree with STABLE or before? Or it doesn't > matter? > > In two words what are the relations between patching the bugs listed in > Advisories and the process of synchronizing the source tree of the > RELEASE with the STABLE? > > 2) How often should I synchronize sources with the STABLE? > > Currently I am working with 4.11 RELEASE. > > > Thanks! > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" > To get all security fixes for your OS, you should do _one_ of the following: * patch manually and recompile - as stated in the SA * syncronize to the security branch, i.e. RELENG_4_11 or RELENG_5_4, and rebuild world/kernel * syncronize to the stable branch, i.e. RELENG_4, RELENG_5 or RELENG_6, and rebuild world/kernel * perform a binary upgrade You can use either way each time a SA is published, no matter what way you have used last time. For example you can perform a binary upgrade from RELEASE to 5.4-p1, then patch manually and recompile to 5.4-p2 then sync to stable, then sync to security branch and so on. Sometimes binary and manual upgrades leave uname output "old", but they always fix a security hole. Often, users manually patch systems where a reboot is very undesirable, sync to security branch on all mission-critical servers, where a reboot is possible, sync to stable on all other servers and use binary upgrades on systems that are very slow, or limited in other ways.