Date: Mon, 10 Oct 2016 22:55:04 +0100 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Subject: Re: Freebsd-update to the new 11.0 release Message-ID: <a5a1a7b0-c7ed-e3c1-908f-5b3e7adba235@FreeBSD.org> In-Reply-To: <4A0EB764-FACF-4D30-8844-E2A85026E23C@mail.sermon-archive.info> References: <4A0EB764-FACF-4D30-8844-E2A85026E23C@mail.sermon-archive.info>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --OGV7Ru3u9HWDLH8aWhMKbU9am8d5OaQCI Content-Type: multipart/mixed; boundary="G2uVeAejfSV4lbqDH28C8xIdPNEgx0R5S"; protected-headers="v1" From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Message-ID: <a5a1a7b0-c7ed-e3c1-908f-5b3e7adba235@FreeBSD.org> Subject: Re: Freebsd-update to the new 11.0 release References: <4A0EB764-FACF-4D30-8844-E2A85026E23C@mail.sermon-archive.info> In-Reply-To: <4A0EB764-FACF-4D30-8844-E2A85026E23C@mail.sermon-archive.info> --G2uVeAejfSV4lbqDH28C8xIdPNEgx0R5S Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 10/10/2016 20:45, Doug Hardie wrote: > The announcement email includes the following: >=20 > Upgrading from FreeBSD 11.0-RELEASE >=20 > # : > /usr/bin/bspatch > # freebsd-update fetch > # freebsd-update install >=20 >=20 > That is different from the 11.0 Release notes description. It does > not include the first line with bspatch. I don't use sh much so > haven't quite figured out what that first line is doing. But, it > seems there should be consistency between the announcement and the > release notes. Which is the "right" way? Zeroing bspatch is correct here. This disables (well, duh!) bspatch, and so avoids the possibility of exploiting any of the bspatch heap overflow, etc, vulnerabilities described in https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc Be aware that because of the unfortunate timing of when various fixes went into the 11.0-RELEASE sources there had been a number of people who prematurely downloaded 11.0-RELEASE *before* the official announcement and who therefore have not got the fixes to the latest set of security advisories. 11.0-RELEASE was effectively re-rolled and released as 11.0-RELEASE-p1 and special care was taken so that freebsd-update(8) could upgrade from the prematurely downloaded 11.0-RELEASE as well as from the officially blessed 11.0-RELEASE-p1. Remember folks, it's not been released until the fat lady sings^W^W^W release engineer signs the announcement. Cheers, Matthew --G2uVeAejfSV4lbqDH28C8xIdPNEgx0R5S-- --OGV7Ru3u9HWDLH8aWhMKbU9am8d5OaQCI Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJX/A4/XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATyXoP/0a0/GcZ2QJhkFiTm3GlHb2S +d/rbwQbOr1s1ZL4K4e5T/m+nBk+J0mtzI20UfpOqz+CHGK67B6lUlUanRwNUlN1 NNx0RLpazqU5qauoKYTy68LvptS4lyNXlVBp6xZgkw6glx/nZYJS3MvR29aw0gVH 1qmewmlRjFs34iOwNeHKYLb4UQwlOWwxAY35QnAkT/S794JnZcd0GNw8x6wACMfh BtlyFBIvC1MJ+sngTBoB+58KSbf7Muv3v5AUshZvlpe141LmkbctCaeGuS7leCWF hraUmDFH1oQ7QoSFTueALMk5v494qqENKu0auxCXfT7ZjAWruho3qZJyryB+QJUo L2AHhlEM5xGs5qkdgd+pC9RDS0Uc2r6KhcJSuU5LEvL9ZaZ2Mihp0BCnYjjQFtze 7PTsnLLJPUR0R3PFP6YhL2P6Tnoenfw5CgZRUk/ye1T/uCD8s3vL+lY0QwWkRyel LotptkRI6wcJU4xygkyriWBc58WUJoOMH8KyYFW9/lDvXrzAmbfbxXt2+8JxoCcV 5qWrWWhp+sG5oA4GY7di1+UAtvC+wCnQwVrx7EMLTMM9bkiNL/T7UZyf1P1ZD5Sz 7Ygk41P8MXsZ4q2MDjRh5a1SEXX2w5lCQBJL7EJ4WouVd8VNXUlzJQiw1TL16lQR PwH/DwVwYCksYyjuS5xI =2Zkq -----END PGP SIGNATURE----- --OGV7Ru3u9HWDLH8aWhMKbU9am8d5OaQCI--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a5a1a7b0-c7ed-e3c1-908f-5b3e7adba235>