tomc at bio.umass.edu
Fri Nov 18 20:12:36 UTC 2011
Is it not possible/not intended for kernels to be updated via
freebsd-update? If kernels can be updated via freebsd-update
will there be a release of a fix/update that will allow systems
to be patched/updated to -p4 or later?
> On 11/14/2011 05:25 AM, Evalyn wrote:
>> It touches the kernel but you need to do make buildkernel/make installkernel
>> before uname -a shows "8.2-RELEASE-p4".
>> -----Original Message-----
>> From: owner-freebsd-questions at freebsd.org
>> [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Matthew Seaman
>> Sent: 12 November 2011 02:03
>> To: Robert Simmons
>> Cc: freebsd-questions at freebsd.org
>> Subject: Re: 8.2-RELEASE-p4
>> On 11/11/2011 21:03, Robert Simmons wrote:
>>>> Note that if a security update is just to some userland programs,
>>>> freebsd-update won't touch the OS kernel, so the reported version
>>>> number doesn't change even though the update has been applied. In
>>>> these sort of cases, it's not necessary to reboot, just to restart
>>>> any long running processes (if any) affected by the update. The
>>>> security advisory should have more detailed instructions about
>>>> exactly what to do. (The -p2 to -p3 update was like this, but the
>>>> -p3 to -p4 update definitely did affect the kernel so a reboot was
>>>> necessary.)
>>> I'm not confident that you are correct here. See above. Either p3-p4
>>> did not touch the kernel, or the OP has a legitimate question.
>> Interesting. I based what I said on the text of the security advisories:
>> Specifically the 'Corrected:' section near the top. I think it's clear that
>> FreeBSD-SA-11:04.compress (Corrected in 8.2-RELEASE-p3) doesn't involve
>> anything in the kernel but FreeBSD-SA-11:05.unix (Corrected in
>> 8.2-RELEASE-p4) is entirely within the kernel code. Except those advisories
>> aren't telling the whole story.
>> Let's look at r226023 in SVN. That's the revision quoted in the 11.05
>> advisory. The log for newvers.sh in
>> says that the patches in RELEASE-p4 were not actually the security fix
>> -- rather they fixed a problem revealed by the actual security fix, which
>> was applied simultaneously with the patches in FreeBSD-SA-11:04.compress.
>> 11.05 was committed in two blobs spanning -p3 and -p4.
>> So, the good news is that if you have at least 8.2-RELEASE-p3 then you don't
>> have any (known) security holes. However if you don't have the patches in
>> 8.2-RELEASE-p4 then linux apps run under emulation will crash if they use
>> unix domain sockets. The flash plugin for Firefox being the most prominent
>> example as I recall.
>> Now the updates for -p4 certainly should have touched the kernel, and
>> certainly should have resulted in an updated uname string[*]. There should
>> also be a note about -p4 in /usr/src/UPDATING. Starting to wonder if the
>> -p4 patches are actually available via freebsd-update(8)
>> -- could they have been omitted because it wasn't actually a security fix?
>> Odd that no one would have commented in a whole month if so.
>> [*] strings /boot/kernel/kernel | grep '8\.2-' should give the same
>> results as uname(1): if it's different then the running kernel is not the
>> same as the one on disk...
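The footnote check quoted above (compare `strings /boot/kernel/kernel | grep '8\.2-'` with uname), written out as a script. This is an added example and not part of the thread; the function names, the state labels and the sample strings output are constructed for illustration.

```shell
#!/bin/sh
# Classify kernel patch state from the running and on-disk version strings.

# patch_level "8.2-RELEASE-p4" -> 4 ; "8.2-RELEASE" -> 0
patch_level() {
    case "$1" in
        *-p[0-9]*) echo "${1##*-p}" ;;
        *)         echo 0 ;;
    esac
}

# Read `strings /boot/kernel/kernel` output on stdin and print the first
# N.N-RELEASE[-pN] token it contains.
release_from_strings() {
    grep -Eo '[0-9]+\.[0-9]+-RELEASE(-p[0-9]+)?' | head -n 1
}

# kernel_patch_state RUNNING ONDISK TARGET
#   different-release   base release differs from the target's
#   kernel-not-updated  kernel file on disk is below the target patch level
#   reboot-pending      kernel file is patched, running kernel is older
#   current             running kernel is at or above the target
kernel_patch_state() {
    kps_run=$1; kps_disk=$2; kps_target=$3
    if [ "${kps_run%%-p*}" != "${kps_target%%-p*}" ] ||
       [ "${kps_disk%%-p*}" != "${kps_target%%-p*}" ]; then
        echo different-release
    elif [ "$(patch_level "$kps_disk")" -lt "$(patch_level "$kps_target")" ]; then
        echo kernel-not-updated
    elif [ "$(patch_level "$kps_run")" -lt "$(patch_level "$kps_target")" ]; then
        echo reboot-pending
    else
        echo current
    fi
}

# Constructed sample of `strings /boot/kernel/kernel | grep '8\.2-'` output.
sample='@(#)FreeBSD 8.2-RELEASE-p3 #0: Tue Sep 27 18:45:57 UTC 2011
FreeBSD 8.2-RELEASE-p3 #0: Tue Sep 27 18:45:57 UTC 2011
8.2-RELEASE-p3'
disk_rel=$(printf '%s\n' "$sample" | release_from_strings)

# Running kernel string is passed in as it would come from `uname -r`.
kernel_patch_state "8.2-RELEASE-p3" "$disk_rel" "8.2-RELEASE-p4"
```

On a live host the first two arguments would come from `uname -r` and from piping `strings /boot/kernel/kernel` into `release_from_strings`.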