Re: FreeBSD Security Advisory FreeBSD-SA-24:01.bhyveload

From: George Mitchell <george+freebsd_at_m5p.com>
Date: Fri, 16 Feb 2024 13:48:34 UTC
For a complicated reason, I avoid "freebsd-update" and update the
kernel and the world from source.

Given that perhaps I am an idiot, nevertheless I addressed this
particular security advisory by updating my /usr/src tree, and
(having observed what files were updated) running:

cd /usr/src/lib/libutil
make
make install
cd /usr/src/usr.sbin/bhyveload
make
make install
cp -p /usr/src/usr.sbin/periodic/etc/daily/480.leapfile-ntpd \
  /etc/periodic/daily/480.leapfile-ntpd

So I think I have the appropriate stuff installed now, though of
course freebsd-version -u still reports 13.2-RELEASE-p9 instead of
-p10, and the daily security run says:

FreeBSD-13.2_9 is vulnerable:
   FreeBSD -- bhyveload(8) host file access
   CVE: CVE-2024-25940
   WWW: 
https://vuxml.FreeBSD.org/freebsd/c62285cb-cb46-11ee-b609-002590c1f29c.html

Is there a hack that lets me fool freebsd-version into reporting -p10
instead of -p9?                                            -- George

P.S. Feel free to scold me for stupidly trying to do things the wrong
way.