updates and version numbers

Matthew Seaman m.seaman at infracaninophile.co.uk
Sun Jan 25 04:20:19 PST 2004 

On Sun, Jan 25, 2004 at 05:12:01AM -0500, Chad M Stewart wrote:

> Take sshd for example.  I started with 4.9-stable and then updated the 
> system using cvsup in what I believe is the correct manner.   After all 
> that I am left with
> 
> sshd version OpenSSH_3.5p1 FreeBSD-20030924

> o - what is the base version of OpenSSH that 4.9-stable started with?  
> Logic says that is 3.5p1, but I want to make sure I'm not missing some 
> detail.

Well, 4.9-STABLE covers the state of the 4-STABLE development branch
since 4.9-RELEASE.  But the release just marks a point-in-time of the
continuous evolution along the 4-STABLE branch.  Sounds as if maybe
you meant to talk about the 4.9-RELEASE branch, which consists of
4.9-RELEASE + security patches.

It is quite possible that OpenSSH 3.7.x will be imported to 4-STABLE,
as it has already been imported into 5-CURRENT.  It won't be imported
to 4.9-RELEASE or 5.2-RELEASE.  If there are any security problems
discovered in OpenSSH, fixes will be applied to the ssh code in all
supported branches (4.8-RELEASE, 4.9-RELEASE, 5.1-RELEASE,
5.2-RELEASE, 4-STABLE), and generally such patches have also been
applied to all branches back to 4.3-RELEASE.  5-CURRENT will also be
fixed, but as it's not a supported branch, it doesn't get mentioned in
advisories.  Such patches don't generally modify the version number
sshd reports, although for 5-CURRENT and 4-STABLE such patching may be
closely followed or replaced by importing the new version from
upstream.

4-STABLE currently uses OpenSSH 3.5p1 as it did at the time of
4.9-RELEASE.  The last OpenSSH security advisory was
FreeBSD-SA-03:15.openssh released shortly before 4.9-RELEASE
 
> o - What patches have been applied to the base software to integrate 
> with FreeBSD and more specifically security related patches?

FreeBSD generally uses the OpenSSH 'portable' release with some quite
minor modifications -- see

    http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/FREEBSD-upgrade

For details of additional patches, see the list of security advisories
at:

    http://www.freebsd.org/security/

You should subscribe to freebsd-announce at freebsd.org and/or
freebsd-security at freebsd.org to receive notification of security
advisories.
 
> Again I apologize if these are newbie questions that are answered 
> somewhere in an FAQ.  In which case feel free to send me a URL.   I 
> picked sshd as that is one service that I will be exposing and I want 
> to make sure that I understand all of this and am not exposing a 
> vulnerable version.

Very sensible.

	Cheers,

	Matthew	

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20040125/23eb4050/attachment.bin

More information about the freebsd-stable mailing list