Date:      Mon, 23 Dec 2002 16:24:29 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: how to check a revision of a file
Message-ID:  <20021223162429.GA17603@happy-idiot-talk.infracaninophi>
In-Reply-To: <000201c2aa93$e5f72910$952b6e94@lucifer>
References:  <000201c2aa93$e5f72910$952b6e94@lucifer>

On Mon, Dec 23, 2002 at 03:59:31PM +0100, Didier Wiroth wrote:

> I was reading this security advisory:
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:43.bind.asc
> 
> At the end of the file you can read for example this information:
> src/contrib/bind/CHANGES
>   RELENG_4                                                    1.1.1.7.2.8
>   RELENG_4_7                                              1.1.1.7.2.7.2.1
>   RELENG_4_6                                              1.1.1.7.2.6.2.2
>   RELENG_4_5                                              1.1.1.7.2.4.4.2
>   RELENG_4_4                                              1.1.1.7.2.4.2.2
> src/contrib/bind/bin/named/db_defs.h
>   RELENG_4                                                    1.1.1.2.2.6
>   RELENG_4_7                                              1.1.1.2.2.5.2.1
>   RELENG_4_6                                              1.1.1.2.2.4.2.2
>   RELENG_4_5                                              1.1.1.2.2.3.4.2
>   RELENG_4_4                                              1.1.1.2.2.3.2.2
> etc...
> I'm using 4.7-Release and I was wondering if my sources were up to date! I
> looked at my /usr/src/contrib/bind... files but I could not find any kind of
> "Revision" numbers for example db_defs.h started with:
>  *      from db.h       4.16 (Berkeley) 6/1/90
>  *      $Id: db_defs.h,v 8.47 2002/05/18 01:02:53 marka Exp $
>  */
> There were no "revision" annotations anywhere in the file:
> 
> How do you find out if you have the correct sources of the files before
> recompiling and installing?

Usually all you need to do is find the $FreeBSD label in the file, e.g.

    % grep -F '$FreeBSD' /usr/src/UPDATING
    $FreeBSD: src/UPDATING,v 1.73.2.76 2002/11/20 16:56:45 bmah Exp $

Any file originating from the FreeBSD project will have a revision
label like that, as will many files imported from other sources.

However, as you correctly observe, some contributed sources don't
contain the revision label.  In this case you've got to go to a
FreeBSD cvs repository and grab a copy of the appropriate version of
the file and compare it directly with what you have on your system.

e.g.
    http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/src/contrib/bind/CHANGES?rev=1.1.1.7.2.8

Download the appropriate version, and diff(1) it against the version
in your source tree.  If it's the same, then you're happy.  If there
are differences, you're going to have to use the cvsweb.cgi interface
to see if it corresponds to an earlier or later version of the file
than shown in the advisory, and act accordingly.

Alternatively, look at the dates that fixes were applied as notified
in the advisory: if you last cvsup'd using one of the listed tags
after the given date (and did a {build,install}world cycle) then
you're in the clear.

In the specific case you mention, 4.7-RELEASE does contain the
vulnerability in question.  Those are the files in CVS tagged with
RELENG_4_7_0_RELEASE.  Your best option is probably to upgrade to
4.7-RELEASE-p2 which is the latest version on the RELENG_4_7 branch
and contains only minimal changes (all of which are security fixes)
compared to 4.7-RELEASE.


	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
                                                      Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
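
The label check described in the message, as an added example that is not part of the original e-mail: it reads the `$FreeBSD` revision from each file, looks up the advisory's revision for one branch, and reports where a manual diff(1) is still needed. The function names, the `src/example` paths and all revisions are constructed; it assumes the advisory table layout quoted above and that a later revision on the same CVS branch includes the fix.

```sh
#!/bin/sh
# Added example: check $FreeBSD$ revision labels against an advisory's table.
# Function names, src/example paths and revisions below are constructed.

# Revision from the first "$FreeBSD: path,v REV date ..." label (empty if none).
local_rev() {
    sed -n 's/.*\$FreeBSD: [^ ]*,v \([0-9.]*\) .*/\1/p' "$1" | head -n 1
}

# Revision the advisory lists for PATH on BRANCH. Layout as quoted in the
# message: an unindented path line, then indented "BRANCH  REVISION" lines.
advisory_rev() {  # advisory_rev ADVISORY PATH BRANCH
    awk -v p="$2" -v b="$3" '
        /^[^ \t]/ { in_file = ($1 == p); next }
        in_file && $1 == b { print $2; exit }' "$1"
}

# ok      = same CVS branch, local revision at or after the advisory's
# older   = same CVS branch, local revision before the advisory's
# unknown = no label or different branch: diff(1) against the CVS copy instead
compare_rev() {  # compare_rev LOCAL ADVISORY
    [ -n "$1" ] && [ -n "$2" ] || { echo unknown; return; }
    [ "${1%.*}" = "${2%.*}" ] || { echo unknown; return; }
    if [ "${1##*.}" -ge "${2##*.}" ]; then echo ok; else echo older; fi
}

# Advisory paths start with "src/"; SRCROOT is the checked-out tree (/usr/src).
check_file() {  # check_file ADVISORY SRCROOT PATH BRANCH
    compare_rev "$(local_rev "$2/${3#src/}")" "$(advisory_rev "$1" "$3" "$4")"
}

demo() {  # builds a constructed advisory excerpt and source tree, then checks
    d=$(mktemp -d) && mkdir -p "$d/src/example"
    printf '%s\n' 'src/example/foo.c' '  RELENG_4      1.5.2.9' \
        '  RELENG_4_7    1.5.2.7.2.1' 'src/example/bar.h' \
        '  RELENG_4_7    1.2.2.3.2.2' > "$d/advisory.txt"
    echo '/* $FreeBSD: src/example/foo.c,v 1.5.2.7.2.2 2002/12/01 00:00:00 nobody Exp $ */' \
        > "$d/src/example/foo.c"
    echo '/* $Id: bar.h,v 8.47 vendor label only $ */' > "$d/src/example/bar.h"
    for f in src/example/foo.c src/example/bar.h; do
        echo "$f $(check_file "$d/advisory.txt" "$d/src" "$f" RELENG_4_7)"
    done
    rm -rf "$d"
}
demo
```

A result of `unknown` corresponds to the case in the message where the file carries no FreeBSD label and has to be compared against the copy fetched from cvsweb.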
