Freebsd-update to the new 11.0 release
Matthew Seaman
matthew at FreeBSD.org
Mon Oct 10 21:55:16 UTC 2016
On 10/10/2016 20:45, Doug Hardie wrote:
> The announcement email includes the following:
>
> Upgrading from FreeBSD 11.0-RELEASE
>
> # : > /usr/bin/bspatch
> # freebsd-update fetch
> # freebsd-update install
>
>
> That is different from the 11.0 Release notes description. It does
> not include the first line with bspatch. I don't use sh much so
> haven't quite figured out what that first line is doing. But, it
> seems there should be consistency between the announcement and the
> release notes. Which is the "right" way?
Zeroing bspatch is correct here. This disables (well, duh!) bspatch,
and so avoids the possibility of exploiting any of the bspatch heap
overflow, etc, vulnerabilities described in
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc
Be aware that because of the unfortunate timing of when various fixes
went into the 11.0-RELEASE sources there had been a number of people who
prematurely downloaded 11.0-RELEASE *before* the official announcement
and who therefore have not got the fixes to the latest set of security
advisories. 11.0-RELEASE was effectively re-rolled and released as
11.0-RELEASE-p1 and special care was taken so that freebsd-update(8)
could upgrade from the prematurely downloaded 11.0-RELEASE as well as
from the officially blessed 11.0-RELEASE-p1.
Remember folks, it's not been released until the fat lady sings^W^W^W
release engineer signs the announcement.
Cheers,
Matthew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20161010/52895119/attachment.sig>
More information about the freebsd-questions
mailing list