question about security updates

Jerry McAllister jerrymc at
Wed Aug 26 17:44:06 UTC 2009

On Wed, Aug 26, 2009 at 09:08:17AM -0700, Jason wrote:

> I was wondering in the case of openssl:
> Corrected:      2009-04-22 14:07:14 UTC (RELENG_7, 7.2-PRERELEASE)
>                 2009-04-22 14:07:14 UTC (RELENG_7_2, 7.2-RC2)
>                 2009-04-22 14:07:14 UTC (RELENG_7_1, 7.1-RELEASE-p5)
>                 2009-04-22 14:07:14 UTC (RELENG_7_0, 7.0-RELEASE-p12)
>                 2009-04-22 14:07:14 UTC (RELENG_6, 6.4-STABLE)
>                 2009-04-22 14:07:14 UTC (RELENG_6_4, 6.4-RELEASE-p4)
>                 2009-04-22 14:07:14 UTC (RELENG_6_3, 6.3-RELEASE-p10)
> CVE Name:       CVE-2009-0590
> I see that in release 7_2, that this was corrected. Does this mean that
> if I were to download the 7.2 iso, that this patch would already be applied
> to this release?

It would not be in the ISO.   That does not get changed after it
is released.   But if you do an update (CSUP) to RELENG_7_2
eg put the line *default tag=RELENG_7_2  in your supfile, then
that will download the security updates.   You then need to do the
builds as it tells in the handbook.

Make sure you read and understand the procedures in the handbook.
It will all work just fine.
I have done it many times.
But, don't try to shortcut or make guesses about the procedures
in the handbook.  Then you will be off in space and it will leave
something screwed up.

That is why the handbook was written and one of the things
that makes FreeBSD superior.


> To me, it seems that anything that isn't *-RELEASE-p? would be applied to
> the distributed iso, but I could be wrong.
> Thanks,
> Jason
> _______________________________________________
> freebsd-questions at mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at"

More information about the freebsd-questions mailing list