freebsd-update fetch question

Colin Percival cperciva at freebsd.org
Sat Jun 25 04:35:07 GMT 2005


I'm copy-and-pasting from the archives, since I'm not subscribed to
the freebsd-questions list; please CC me on replies.

Denny White writes:
> [...]
> The following files are affected by security
> fixes, but have not been updated because they
> have been modified locally:

To translate: "I looked at the files you have on disk, and I don't
recognize them -- they're not the files which shipped on the RELEASE
CD-ROMs, nor are they files which I provided to you.  They might be
up to date, or they might not -- or you might have decided to replace
them with a program which calculates Pi.  You'll have to decide what
you want to do with them yourself."

> [...]
> FreeBSD dualman.cableone.net 5.4-RELEASE-p2 FreeBSD
> [...]
> 
> So, I guess my question is, am I okay at this
> point, i.e., does freebsd-update's output mean
> they've already been fixed locally, or do I need
> to specify a branch and force an update on the
> files.

If in doubt, read the advisory. FreeBSD security advisories
FreeBSD-SA-05:10.tcpdump and FreeBSD-SA-05:11.gzip say that the issues
were corrected in 5.4-RELEASE-p2, so if you did a buildworld and
installworld at the same time as you last updated your kernel (note
that the output of uname just tells you what version the kernel is, and
doesn't say anything about the world), then you're safe.

Of course, assuming that you haven't deliberately changed those programs,
it wouldn't hurt to run
# freebsd-update --branch crypto fetch
# freebsd-update install
since that will just return those programs to their "canonical" form.  (In
FreeBSD 5.3 and 5.4, there is only the "crypto" branch -- the releases no
longer ship with non-cryptographic binaries.)

Colin Percival
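
The three-way decision described in the message above (recognized and current, recognized but old, or not recognized at all), as an added sketch that is not part of the original message and is not freebsd-update's own code. The index format, the function names and the sample files are assumptions made for this illustration.

```shell
#!/bin/sh
# Illustration only: NOT freebsd-update's code. The index format and all
# names below are hypothetical.

# SHA-256 of a file: FreeBSD ships sha256(1), Linux ships sha256sum(1).
file_hash() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum < "$1" | cut -d' ' -f1
    fi
}

# classify_file INDEX PATH
# INDEX lines (assumed format): "<path>|<state>|<sha256>", where state is
# "current" (the fixed binary) or "old" (a superseded binary that was shipped).
# Prints one of: up-to-date | update | modified-locally | missing
classify_file() {
    index=$1 path=$2
    [ -f "$path" ] || { echo missing; return; }
    h=$(file_hash "$path")
    state=$(awk -F'|' -v p="$path" -v h="$h" \
        '$1 == p && $3 == h { print $2; exit }' "$index")
    case $state in
        current) echo up-to-date ;;
        old)     echo update ;;
        # Unknown hash: a local build, or anything else. Leave it alone
        # and report it, since its patch status cannot be determined.
        *)       echo modified-locally ;;
    esac
}

# Constructed sample data: three stand-in files and a matching index.
demo() {
    d=$(mktemp -d) && idx=$d/index
    printf 'fixed build\n'   > "$d/tcpdump"   # equals the current binary
    printf 'release build\n' > "$d/gzip"      # equals the old shipped binary
    echo "$d/tcpdump|current|$(file_hash "$d/tcpdump")" >  "$idx"
    echo "$d/gzip|old|$(file_hash "$d/gzip")"           >> "$idx"
    echo "$d/zcat|old|$(file_hash "$d/gzip")"           >> "$idx"
    printf 'built from source\n' > "$d/zcat"  # hash matches no index entry
    for f in tcpdump gzip zcat; do
        printf '%s: %s\n' "$f" "$(classify_file "$idx" "$d/$f")"
    done
    rm -rf "$d"
}
demo
```

Only the second case can be updated automatically; the third is the "modified locally" report quoted at the top of the message.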

