How do I know if my 13-stable has security patches?

Kevin Oberman rkoberman at gmail.com
Thu Feb 25 18:47:01 UTC 2021


On Thu, Feb 25, 2021 at 6:10 AM Ed Maste <emaste at freebsd.org> wrote:

> On Thu, 25 Feb 2021 at 02:42, Kevin Oberman <rkoberman at gmail.com> wrote:
> >
> > Thanks, Ed, but where do I find this? "uname -a" gives me
> stable/13-007101f87. For a while I was seeing a hyphenated number prefixed
> with a 'c' and I had assumed that that number was the sequence.
>
> It is (was) - we changed from 'c' to avoid having it look like a hex value.
>
> To generate (this part of) uname the build script runs:
>         if [ "$($git_cmd rev-parse --is-shallow-repository)" = false ] ; then
>                 git_cnt=$($git_cmd rev-list --first-parent --count HEAD 2>/dev/null)
>                 if [ -n "$git_cnt" ] ; then
>                         git="n${git_cnt}-${git}"
>                 fi
>         fi
>
> Would you try running, at the top of your stable/13 src tree:
> git rev-parse --is-shallow-repository
> git rev-list --first-parent --count HEAD
>

I do run a shallow clone, as I suspect most non-developers will.
# git rev-parse --is-shallow-repository
true
# git rev-list --first-parent --count HEAD
133

As for an easy check for the presence of a patch by hash, I like the
"git log --pretty=oneline | grep <hash>".

This assumes that the sources have NOT been updated since the system was
updated. If they have, you can do an "egrep -n ^<hash>" on both the partial
hash in "uname -a" and in the security announcement and see which is older
by line number.

My thanks to Jeremy Chadwick for this approach.
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman at gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
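
The line-number comparison described in this message, as an added example that is not part of the original post or of the FreeBSD build scripts. The names fix_status, hash_from_ident and SAMPLE_LOG are hypothetical, the sample log is constructed, and the ordering check assumes the branch history is linear with the newest commit on line 1.

```sh
#!/bin/sh
# Added example: decide whether a fix commit is already in the running
# build by comparing positions in `git log --pretty=oneline` output.

# hash_from_ident IDENT
# Pull the abbreviated hash out of the uname ident, e.g.
# "stable/13-007101f87" or "stable/13-n244668-007101f87" -> "007101f87".
hash_from_ident() {
    printf '%s\n' "${1##*-}"
}

# fix_status RUNNING_HASH FIX_HASH   (oneline log on stdin)
# Prints one of:
#   included - fix is on the same line as, or below (older than), the build
#   missing  - fix is above (newer than) the running build
#   unknown  - one of the hashes is not in the log at all; in a shallow
#              clone this says nothing about whether the fix is present
fix_status() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo unknown
        return 0
    fi
    awk -v run="$1" -v fix="$2" '
        # index($1, h) == 1: the full hash on this line starts with h.
        # Same match as egrep "^<hash>", without regex interpretation.
        run_ln == 0 && index($1, run) == 1 { run_ln = NR }
        fix_ln == 0 && index($1, fix) == 1 { fix_ln = NR }
        END {
            if (run_ln == 0 || fix_ln == 0) print "unknown"
            else if (fix_ln >= run_ln)      print "included"
            else                            print "missing"
        }'
}

# Constructed sample of `git log --pretty=oneline` output (not real commits).
SAMPLE_LOG='3c3c3c3c3c3c3c3c3c3c3c3c3c3c3c3c3c3c3c3c newest commit
2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b security fix
1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a oldest commit'

# Usage at the top of the src tree, with <fix-hash> from the advisory:
#   git log --pretty=oneline | \
#       fix_status "$(hash_from_ident stable/13-007101f87)" <fix-hash>
```

The hash in an advisory has to be the one for the same branch as the source tree, since the same fix has a different hash on each branch.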

