From owner-freebsd-questions@FreeBSD.ORG Fri Nov 18 20:12:36 2011
Message-ID: <4EC6BC2F.5030907@bio.umass.edu>
Date: Fri, 18 Nov 2011 15:12:31 -0500
From: Tom Carpenter
To: freebsd-questions@freebsd.org
References: <005301cca2b7$add11f20$09735d60$@co.ke> <4EC13877.3070704@bio.umass.edu>
In-Reply-To: <4EC13877.3070704@bio.umass.edu>
Subject: Re: 8.2-RELEASE-p4

Is it not possible/not intended for kernels to be updated via freebsd-update? If kernels can be updated via freebsd-update, will there be a release of a fix/update that will allow systems to be patched/updated to -p4 or later?
-Tom Carpenter

> On 11/14/2011 05:25 AM, Evalyn wrote:
>> It touches the kernel but you need to do make buildkernel/make installkernel
>> before uname -a shows "8.2-RELEASE-p4".
>>
>> Regards,
>> Evalyn
>>
>>
>> -----Original Message-----
>> From: owner-freebsd-questions@freebsd.org
>> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Matthew Seaman
>> Sent: 12 November 2011 02:03
>> To: Robert Simmons
>> Cc: freebsd-questions@freebsd.org
>> Subject: Re: 8.2-RELEASE-p4
>>
>> On 11/11/2011 21:03, Robert Simmons wrote:
>>>> Note that if a security update is just to some userland programs,
>>>>> freebsd-update won't touch the OS kernel, so the reported version
>>>>> number doesn't change even though the update has been applied. In
>>>>> these sort of cases, it's not necessary to reboot, just to restart
>>>>> any long running processes (if any) affected by the update. The
>>>>> security advisory should have more detailed instructions about
>>>>> exactly what to do. (The -p2 to
>>>>> -p3 update was like this, but the -p3 to -p4 update definitely did
>>>>> affect the kernel so a reboot was necessary.)
>>> I'm not confident that you are correct here. See above. Either p3-p4
>>> did not touch the kernel, or the OP has a legitimate question.
>> Interesting. I based what I said on the text of the security advisories:
>>
>> http://security.freebsd.org/advisories/FreeBSD-SA-11:04.compress.asc
>> http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc
>>
>> Specifically the 'Corrected:' section near the top. I think it's clear that
>> FreeBSD-SA-11:04.compress (Corrected in 8.2-RELEASE-p3) doesn't involve
>> anything in the kernel but FreeBSD-SA-11:05.unix (Corrected in
>> 8.2-RELEASE-p4) is entirely within the kernel code. Except those advisories
>> aren't telling the whole story.
>>
>> Let's look at r226023 in SVN. That's the revision quoted in the 11.05
>> advisory.
>> The log for newvers.sh in
>>
>> http://svnweb.freebsd.org/base/releng/8.2/sys/conf/newvers.sh?view=log&pathrev=226023
>>
>> says that the patches in RELEASE-p4 were not actually the security fix
>> -- rather they fixed a problem revealed by the actual security fix, which
>> was applied simultaneously with the patches in FreeBSD-SA-11:04.compress.
>> 11.05 was committed in two blobs spanning
>> -p3 and -p4.
>>
>> So, the good news is that if you have at least 8.2-RELEASE-p3 then you don't
>> have any (known) security holes. However if you don't have the patches in
>> 8.2-RELEASE-p4 then linux apps run under emulation will crash if they use
>> unix domain sockets. The flash plugin for FireFox being the most prominent
>> example as I recall.
>>
>> Now the updates for -p4 certainly should have touched the kernel, and
>> certainly should have resulted in an updated uname string[*]. There should
>> also be a note about -p4 in /usr/src/UPDATING. Starting to wonder if the
>> -p4 patches are actually available via freebsd-update(8)
>> -- could they have been omitted because it wasn't actually a security fix?
>> Odd that no one would have commented in a whole month if so.
>>
>> Cheers,
>>
>> Matthew
>>
>>
>>
>> [*] strings /boot/kernel/kernel | grep '8\.2-' should give the same
>> results as uname(1): if it's different then the running kernel is not the
>> same as the one on disk...
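
Added example, not part of the thread or of FreeBSD's own tooling: the footnote's on-disk versus running kernel comparison, extended to take the patch level you expect, so it separates a kernel image that was never patched from one that is patched but not yet booted. It uses `grep -a -o` in place of `strings`, matches any N.N-RELEASE[-pN] string rather than only 8.2, and the function names and the sample image are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): tell apart "kernel on disk was never
# patched" from "kernel patched on disk but the old one is still running".

# Print the distinct N.N-RELEASE[-pN] strings embedded in a kernel image.
# grep -a reads the binary as text, -o prints only the matched part.
disk_kernel_release() {
    LC_ALL=C grep -a -o -E '[0-9]+\.[0-9]+-RELEASE(-p[0-9]+)?' "$1" | sort -u
}

# $1 = kernel image, $2 = running release (uname -r), $3 = expected release
kernel_patch_state() {
    disk=$(disk_kernel_release "$1")
    if [ -z "$disk" ]; then
        echo "unknown: no release string found in $1"
    elif [ "$disk" != "$3" ]; then
        echo "disk-not-updated: image is $disk, expected $3"
    elif [ "$2" != "$3" ]; then
        echo "reboot-pending: running $2, image is $disk"
    else
        echo "in-sync: running and on-disk kernel are $3"
    fi
}

# Constructed stand-in for /boot/kernel/kernel: binary bytes around the
# version strings a kernel image carries. Not a real kernel.
make_sample_image() {
    printf 'ELF\000\001\002FreeBSD 8.2-RELEASE-%s #0: sample\000\003%s\000' \
        "$2" "8.2-RELEASE-$2" > "$1"
}

# Demo on the constructed image: disk and running kernel both at -p3
# while -p4 is expected, the situation the thread is about.
demo_image=$(mktemp)
make_sample_image "$demo_image" p3
kernel_patch_state "$demo_image" 8.2-RELEASE-p3 8.2-RELEASE-p4
rm -f "$demo_image"

# On a real host:
#   kernel_patch_state /boot/kernel/kernel "$(uname -r)" 8.2-RELEASE-p4
```

A `disk-not-updated` result means the update never reached the kernel on disk, so rebooting will not change what `uname` reports; `reboot-pending` means the patched kernel is installed but the old one is still running.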