Freebsd-update to the new 11.0 release

Doug Hardie doug at mail.sermon-archive.info
Mon Oct 10 22:02:26 UTC 2016 

I believe the fat lady already sang.....  From this morning mail (abbreviated)

Date: Mon, 10 Oct 2016 17:43:33 +0000 (UTC)
From: gjb at FreeBSD.org (Glen Barber)
Subject: [FreeBSD-Announce] FreeBSD 11.0-RELEASE Now Available
X-BeenThere: freebsd-announce at freebsd.org
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-announce>, 
 <mailto:freebsd-announce-request at freebsd.org?subject=subscribe>
Reply-To: FreeBSD Release Engineering Team <re at FreeBSD.org>
Cc: FreeBSD Release Engineering Team <re at FreeBSD.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

                       FreeBSD 11.0-RELEASE Announcement

   The FreeBSD Release Engineering Team is pleased to announce the
   availability of FreeBSD 11.0-RELEASE. This is the first release of the
   stable/11 branch.



Your description of the need for zapping bspatch should have been included in the release announcement.  Its a change (hopefully temporarily) from the normal procedure in the handbook and in the Release Notes.


> On 10 October 2016, at 14:55, Matthew Seaman <matthew at FreeBSD.org> wrote:
> 
> On 10/10/2016 20:45, Doug Hardie wrote:
>> The announcement email includes the following:
>> 
>> Upgrading from FreeBSD 11.0-RELEASE
>> 
>>      # : > /usr/bin/bspatch
>>      # freebsd-update fetch
>>      # freebsd-update install
>> 
>> 
>> That is different from the 11.0 Release notes description.  It does
>> not include the first line with bspatch.  I don't use sh much so
>> haven't quite figured out what that first line is doing.  But, it
>> seems there should be consistency between the announcement and the
>> release notes.  Which is the "right" way?
> 
> Zeroing bspatch is correct here.  This disables (well, duh!) bspatch,
> and so avoids the possibility of exploiting any of the bspatch heap
> overflow, etc, vulnerabilities described in
> https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc
> 
> Be aware that because of the unfortunate timing of when various fixes
> went into the 11.0-RELEASE sources there had been a number of people who
> prematurely downloaded 11.0-RELEASE *before* the official announcement
> and who therefore have not got the fixes to the latest set of security
> advisories.  11.0-RELEASE was effectively re-rolled and released as
> 11.0-RELEASE-p1 and special care was taken so that freebsd-update(8)
> could upgrade from the prematurely downloaded 11.0-RELEASE as well as
> from the officially blessed 11.0-RELEASE-p1.
> 
> Remember folks, it's not been released until the fat lady sings^W^W^W
> release engineer signs the announcement.
> 
> 	Cheers,
> 
> 	Matthew

More information about the freebsd-questions mailing list