Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 26 Aug 2009 13:40:29 -0400
From:      Jerry McAllister <jerrymc@msu.edu>
To:        Jason <jhelfman@e-e.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: question about security updates
Message-ID:  <20090826174029.GC23872@gizmo.acns.msu.edu>
In-Reply-To: <20090826160816.GA35964@eggman.experts-exchange.com>
References:  <20090826160816.GA35964@eggman.experts-exchange.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Aug 26, 2009 at 09:08:17AM -0700, Jason wrote:

> I was wondering in the case of openssl:
> 
> http://security.freebsd.org/advisories/FreeBSD-SA-09:08.openssl.asc
> 
> Corrected:      2009-04-22 14:07:14 UTC (RELENG_7, 7.2-PRERELEASE)
>                 2009-04-22 14:07:14 UTC (RELENG_7_2, 7.2-RC2)
>                 2009-04-22 14:07:14 UTC (RELENG_7_1, 7.1-RELEASE-p5)
>                 2009-04-22 14:07:14 UTC (RELENG_7_0, 7.0-RELEASE-p12)
>                 2009-04-22 14:07:14 UTC (RELENG_6, 6.4-STABLE)
>                 2009-04-22 14:07:14 UTC (RELENG_6_4, 6.4-RELEASE-p4)
>                 2009-04-22 14:07:14 UTC (RELENG_6_3, 6.3-RELEASE-p10)
> CVE Name:       CVE-2009-0590
> 
> 
> I see that in release 7_2, that this was corrected. Does this mean that
> if I were to download the 7.2 iso, that this patch would already be applied
> to this release?

It would not be in the ISO.   That does not get changed after it
is released.   But if you do an update (CSUP) to RELENG_7_2
eg put the line *default tag=RELENG_7_2  in your supfile, then
that will download the security updates.   You then need to do the
builds as it tells in the handbook.

Make sure you read and understand the procedures in the handbook.
It will all work just fine.
I have done it many times.
But, don't try to shortcut or make guesses about the procedures
in the handbook.  Then you will be off in space and it will leave
something screwed up.

That is why the handbook was written and one of the things
that makes FreeBSD superior.

////jerry


> 
> To me, it seems that anything that isn't *-RELEASE-p? would be applied to
> the distributed iso, but I could be wrong.
> 
> Thanks,
> Jason
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090826174029.GC23872>