FreeBSD Security Advisory FreeBSD-SA-14:31.ntp

[Roger Marquis]

> DES wrote:
> I do it all the time:
> $ sudo env UNAME_r=X.Y-RELEASE freebsd-update fetch install

Not sure if using a jail to test is relevant but this never updates (my)
binaries to the specified RELEASE/RELENG, only to the current kernel's patch
level.

Then there's the issue of specifying -RELEASE to mean -RELENG.

> Not sure what you mean by scope issues.

That's referring back to the original question of buildworld/installworld vs
"cd /usr/src/path/to/patched/binary;make install" (vs freebsd-update) and the
granularity of respective updates.

> Actually, you want to do this from *outside* the jail, partly out of
> healthy paranoia and partly so freebsd-update will re-use previously
> downloaded indexes and patches

Updates to non-jailed environments are the preferred method to be sure but
patching and testing base updates in a jail can be more convenient.

Roger