On 10/31/05, Grigory O. Ptashko <[EMAIL PROTECTED]> wrote: > Hello, list. > > I am new to FreeBSD source upgrading/patching source tree system. > After reading the following chapters from the handbook: > > 14.14 FreeBSD Security Advisories > 20 The Cutting Edge (about rebuilding "world") > > I have some questions. > > 1) If I install a FreeBSD RELEASE on a machine what do I have to do to > patch all those bugs listed in FreeBSD Security Advisories? > Is it enough to synchronize my source tree with the STABLE branch or > do I have to get all patches and apply them manualy? > And if I must patch the source tree manualy do I have to do this after > synchronizing the source tree with STABLE or before? Or it doesn't > matter? > > In two words what are the relations between patching the bugs listed in > Advisories and the process of synchronizing the source tree of the > RELEASE with the STABLE? > > 2) How often should I synchronize sources with the STABLE? > > Currently I am working with 4.11 RELEASE. > > > Thanks! > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" >
To get all security fixes for your OS, you should do _one_ of the following: * patch manually and recompile - as stated in the SA * syncronize to the security branch, i.e. RELENG_4_11 or RELENG_5_4, and rebuild world/kernel * syncronize to the stable branch, i.e. RELENG_4, RELENG_5 or RELENG_6, and rebuild world/kernel * perform a binary upgrade You can use either way each time a SA is published, no matter what way you have used last time. For example you can perform a binary upgrade from RELEASE to 5.4-p1, then patch manually and recompile to 5.4-p2 then sync to stable, then sync to security branch and so on. Sometimes binary and manual upgrades leave uname output "old", but they always fix a security hole. Often, users manually patch systems where a reboot is very undesirable, sync to security branch on all mission-critical servers, where a reboot is possible, sync to stable on all other servers and use binary upgrades on systems that are very slow, or limited in other ways. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"