Paul Andrews <[EMAIL PROTECTED]> wrote: > Matthew, > > Thanks for the information. You might have already answered this but I'm > not 100% sure, once I have cvsup RELENG_4_10 do I need to buildworld > just to get the errata branch installed or can I just do as: > > make buildkernel KERNCONF=GENERIC > make installkernel KERNCONF=GENERIC > > or is it better to do > > make buildworld > make buildkernel KERNCONF=GENERIC > make installkernel KERNCONF=GENERIC > reboot (signal user) > mergemaster -p > make installworld > mergemaster > reboot > > Also is it necessary to do the mergemater part of the buildworld process.
Do the entire process: world, kernel, mergemaster. If you have a good understanding of the patches required to fix the particular security issues you are trying to fix, it's possible to determine which of these steps can be skipped. However, if you're asking the question, it's probably best to do all three to ensure that you've got everything. Once you're caught up via this method, each additional security advisary will detail the steps required to patch the problem. It's also possible to simply cvsup, rebuild world, rebuild kernel, mergemaster and be confident that everything required was done, so if you're not sure you fully understand the steps outlined in a particular security advisary, you can always just go through the entire process to be sure. > Thanks again for the assistance. > > Paul > > Matthew Seaman wrote: > > On Thu, Sep 02, 2004 at 10:39:04PM -0600, Paul Andrews wrote: > > > > > >>I'm looking for some information on the Errata Branch for 4.10. I just > >>re-installed my FreeBSD system and am now running 4.10-RELEASE. I want > >>to make sure that I am running with the most-up-to-date security patches > >>applied. > > > > > > Yes. All you need to do is cvsup to the head of the RELENG_4_10 > > branch, and compile and install using that code. > > > > > >>I would like to know the steps necessary for appling the changes in > >>RELENG_4_10. Also how can I tell if the security patchs and code fixes > >>have been applied. > > > > > > Just using cvsup will get you all of the security and other fixes. > > That includes all of the patches included in the various security > > advisories issued by the FreeBSD project. > > > > To get a newly installed system up to the latest patch level, using > > cvsup and doing a complete buildworld cycle is your best bet. For any > > further Errata or Security Advisories, you can always do another > > buildworld cycle, or there will usually be instructions in the > > advisory on how to just recompile only the affected bits. > > > > If you go the whole 'buildworld' route each time, the uname(1) output > > will show the patchlevel of the system: currently that's > > 4.10-RELEASE-p2 after the release of FreeBSD-SA-04:13 on June 30th. > > > > Instructions on how to do a buildworld can be found in: > > > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html > > > > and also be sure to read /usr/src/UPDATING after cvsup'ing to see if > > there are any special instructions. > > > > > >>My stable-subfile: > >>*default host=cvsup12.freebsd.org > >>*default base=/usr > >>*default prefix=/usr > >>*default release=cvs tag=RELENG_4_10 > >>*default delete use-rel-suffix > >>src-all > > > > > > That looks fine to me. > > > > Cheers, > > > > Matthew > > > _______________________________________________ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" -- Bill Moran Potential Technologies http://www.potentialtech.com _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"