Buildworld and Security advisories.

Andrew P. infofarmer at gmail.com
Sun Oct 30 17:43:02 PST 2005


On 10/31/05, Grigory O. Ptashko <trancer at bk.ru> wrote:
> Hello, list.
>
> I am new to FreeBSD source upgrading/patching source tree system.
> After reading the following chapters from the handbook:
>
> 14.14 FreeBSD Security Advisories
> 20 The Cutting Edge (about rebuilding "world")
>
> I have some questions.
>
> 1) If I install a FreeBSD RELEASE on a machine what do I have to do to
> patch all those bugs listed in FreeBSD Security Advisories?
> Is it enough to synchronize my source tree with the STABLE branch or
> do I have to get all patches and apply them manually?
> And if I must patch the source tree manually do I have to do this after
> synchronizing the source tree with STABLE or before? Or it doesn't
> matter?
>
> In two words what are the relations between patching the bugs listed in
> Advisories and the process of synchronizing the source tree of the
> RELEASE with the STABLE?
>
> 2) How often should I synchronize sources with the STABLE?
>
> Currently I am working with 4.11 RELEASE.
>
>
> Thanks!
>

To get all security fixes for your OS, you should do
_one_ of the following:

* patch manually and recompile - as stated in the SA
* synchronize to the security branch, i.e. RELENG_4_11
or RELENG_5_4, and rebuild world/kernel
* synchronize to the stable branch, i.e. RELENG_4,
RELENG_5 or RELENG_6, and rebuild world/kernel
* perform a binary upgrade

You can use either way each time an SA is published,
no matter what way you have used last time. For example
you can perform a binary upgrade from RELEASE to
5.4-p1, then patch manually and recompile to 5.4-p2
then sync to stable, then sync to security branch and
so on. Sometimes binary and manual upgrades leave
uname output "old", but they always fix a security hole.

Often, users manually patch systems where a reboot
is very undesirable, sync to security branch on all
mission-critical servers, where a reboot is possible,
sync to stable on all other servers and use binary
upgrades on systems that are very slow, or limited in
other ways.

