Re: 8.2-RELEASE-p4
If I'm the OP (original poster ?) I'm running GENERIC, and 'uname -a' output has remained '8.2-RELEASE-p4' despite running 'freebsd-update fetch', 'freebsd-update install', and then rebooting the system, over the past couple of weeks. I did download the source, ran 'freebsd-update fetch' and 'freebsd-update install' to update the source, then compiled a new kernel using the GENERIC config file, rebooted, and now 'uname -a' output shows the '-p4' version number, but I was trying to avoid compiling kernels. -Tom Carpenter On 11/20/2011 02:37 AM, Matthew Seaman wrote: On 19/11/2011 23:26, Robert Simmons wrote: On Fri, Nov 18, 2011 at 3:50 PM, Matthew Seaman m.sea...@infracaninophile.co.uk wrote: If you compile your own kernel, then freebsd-update will patch the kernel sources, but leave you to rebuild and reinstall your customized kernel. I don't know about the -p4 update. By rights it should have involved updating the kernel by one or other of the two methods shown. So far however, we've seen two reports questioning that[*] and none saying that the -p4 update did in fact update the kernel. Which is suspicious, but hardly conclusive. Do you compile your own kernel, or do you have a machine that uses GENERIC? If you do, what is the output of uname -a on it? Me personally? No, in general I track -STABLE on my systems. Try asking the OP. Matthew ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 8.2-RELEASE-p4
On Fri, Nov 18, 2011 at 3:50 PM, Matthew Seaman m.sea...@infracaninophile.co.uk wrote: If you compile your own kernel, then freebsd-update will patch the kernel sources, but leave you to rebuild and reinstall your customized kernel. I don't know about the -p4 update. By rights it should have involved updating the kernel by one or other of the two methods shown. So far however, we've seen two reports questioning that[*] and none saying that the -p4 update did in fact update the kernel. Which is suspicious, but hardly conclusive. Do you compile your own kernel, or do you have a machine that uses GENERIC? If you do, what is the output of uname -a on it? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 8.2-RELEASE-p4
On 19/11/2011 23:26, Robert Simmons wrote: On Fri, Nov 18, 2011 at 3:50 PM, Matthew Seaman m.sea...@infracaninophile.co.uk wrote: If you compile your own kernel, then freebsd-update will patch the kernel sources, but leave you to rebuild and reinstall your customized kernel. I don't know about the -p4 update. By rights it should have involved updating the kernel by one or other of the two methods shown. So far however, we've seen two reports questioning that[*] and none saying that the -p4 update did in fact update the kernel. Which is suspicious, but hardly conclusive. Do you compile your own kernel, or do you have a machine that uses GENERIC? If you do, what is the output of uname -a on it? Me personally? No, in general I track -STABLE on my systems. Try asking the OP. Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: 8.2-RELEASE-p4
Is it not possible/not intended for kernels to be updated via freebsd-update? If kernels can be updated via freebsd-update will there be a release of an fix/update that will allow systems to be patched/updated to -p4 or later? -Tom Carpenter On 11/14/2011 05:25 AM, Evalyn wrote: It touches the kernel but you need to do make builkernel/make installkernel before uname -a shows 8.2-RELEASE-p4. Regards, Evalyn -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Matthew Seaman Sent: 12 November 2011 02:03 To: Robert Simmons Cc: freebsd-questions@freebsd.org Subject: Re: 8.2-RELEASE-p4 On 11/11/2011 21:03, Robert Simmons wrote: Note that if a security update is just to some userland programs, freebsd-update won't touch the OS kernel, so the reported version number doesn't change even though the update has been applied. In these sort of cases, it's not necessary to reboot, just to restart any long running processes (if any) affected by the update. The security advisory should have more detailed instructions about exactly what to do. (The -p2 to -p3 update was like this, but the -p3 to -p4 update definitely did affect the kernel so a reboot was necessary.) I'm not confident that you are correct here. See above. Either p3-p4 did not touch the kernel, or the OP has a legitimate question. Interesting. I based what I said on the text of the security advisories: http://security.freebsd.org/advisories/FreeBSD-SA-11:04.compress.asc http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc Specifically the 'Corrected:' section near the top. I think it's clear that FreeBSD-SA-11:04.compress (Corrected in 8.2-RELEASE-p3) doesn't involve anything in the kernel but FreeBSD-SA-11:05.unix (Corrected in 8.2-RELEASE-p4) is entirely within the kernel code. Except those advisories aren't telling the whole story. Lets look at r226023 in SVN. That's the revision quoted in the 11.05 advisory. The log for newvers.sh in http://svnweb.freebsd.org/base/releng/8.2/sys/conf/newvers.sh?view=logpathr ev=226023 says that the patches in RELEASE-p4 were not actually the security fix -- rather they fixed a problem revealed by the actual security fix, which was applied simultaneously with the patches in FreeBSD-SA-11:04.compress. 11.05 was committed in two blobs spanning -p3 and -p4. So, the good news is that if you have at least 8.2-RELEASE-p3 then you don't have any (known) security holes. However if you don't have the patches in 8.2-RELEASE-p4 then linux apps run under emulation will crash if they use unix domain sockets. The flash plugin for FireFox being the most prominent example as I recall. Now the updates for -p4 certainly should have touched the kernel, and certainly should have resulted in an updated uname string[*]. There should also be a note about -p4 in /usr/src/UPDATING. Starting to wonder if the -p4 patches are actually available via freebsd-update(8) -- could they have been omitted because it wasn't actually a security fix? Odd that no one would have commented in a whole month if so. Cheers, Matthew [*] strings /boot/kernel/kernel | grep '8\.2-' should give the same results as uname(1): if it's different then the running kernel is not the same as the one on disk... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 8.2-RELEASE-p4
On 18/11/2011 20:12, Tom Carpenter wrote: Is it not possible/not intended for kernels to be updated via freebsd-update? If kernels can be updated via freebsd-update will there be a release of an fix/update that will allow systems to be patched/updated to -p4 or later? freebsd-update will certainly update your kernel for you, so long as you are using a standard GENERIC kernel from the install media or from a previous freebsd-update iteration. If you compile your own kernel, then freebsd-update will patch the kernel sources, but leave you to rebuild and reinstall your customized kernel. I don't know about the -p4 update. By rights it should have involved updating the kernel by one or other of the two methods shown. So far however, we've seen two reports questioning that[*] and none saying that the -p4 update did in fact update the kernel. Which is suspicious, but hardly conclusive. Cheers, Matthew [*] Stranger things have happened than admins compiling their own GENERIC kernels and then mistakenly thinking they were actually using the standard one from the install media[+]. Seeing a positive it updated for me would settle the question definitively. [+] Not that I believe for one minute that anyone in this thread is sufferring from that sort of memory lapse. -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: 8.2-RELEASE-p4
So, I've run freebsd-update fetch/install a few times since I posed my original question, but my system remains at 8.2-RELEASE-p3. Have I done all that I should to get word to those that would be able to correct the problem? Is there communication channel I should use to report this? On 11/18/2011 03:50 PM, Matthew Seaman wrote: On 18/11/2011 20:12, Tom Carpenter wrote: Is it not possible/not intended for kernels to be updated via freebsd-update? If kernels can be updated via freebsd-update will there be a release of an fix/update that will allow systems to be patched/updated to -p4 or later? freebsd-update will certainly update your kernel for you, so long as you are using a standard GENERIC kernel from the install media or from a previous freebsd-update iteration. If you compile your own kernel, then freebsd-update will patch the kernel sources, but leave you to rebuild and reinstall your customized kernel. I don't know about the -p4 update. By rights it should have involved updating the kernel by one or other of the two methods shown. So far however, we've seen two reports questioning that[*] and none saying that the -p4 update did in fact update the kernel. Which is suspicious, but hardly conclusive. Cheers, Matthew [*] Stranger things have happened than admins compiling their own GENERIC kernels and then mistakenly thinking they were actually using the standard one from the install media[+]. Seeing a positive it updated for me would settle the question definitively. [+] Not that I believe for one minute that anyone in this thread is sufferring from that sort of memory lapse. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: 8.2-RELEASE-p4
It touches the kernel but you need to do make builkernel/make installkernel before uname -a shows 8.2-RELEASE-p4. Regards, Evalyn -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Matthew Seaman Sent: 12 November 2011 02:03 To: Robert Simmons Cc: freebsd-questions@freebsd.org Subject: Re: 8.2-RELEASE-p4 On 11/11/2011 21:03, Robert Simmons wrote: Note that if a security update is just to some userland programs, freebsd-update won't touch the OS kernel, so the reported version number doesn't change even though the update has been applied. In these sort of cases, it's not necessary to reboot, just to restart any long running processes (if any) affected by the update. The security advisory should have more detailed instructions about exactly what to do. (The -p2 to -p3 update was like this, but the -p3 to -p4 update definitely did affect the kernel so a reboot was necessary.) I'm not confident that you are correct here. See above. Either p3-p4 did not touch the kernel, or the OP has a legitimate question. Interesting. I based what I said on the text of the security advisories: http://security.freebsd.org/advisories/FreeBSD-SA-11:04.compress.asc http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc Specifically the 'Corrected:' section near the top. I think it's clear that FreeBSD-SA-11:04.compress (Corrected in 8.2-RELEASE-p3) doesn't involve anything in the kernel but FreeBSD-SA-11:05.unix (Corrected in 8.2-RELEASE-p4) is entirely within the kernel code. Except those advisories aren't telling the whole story. Lets look at r226023 in SVN. That's the revision quoted in the 11.05 advisory. The log for newvers.sh in http://svnweb.freebsd.org/base/releng/8.2/sys/conf/newvers.sh?view=logpathr ev=226023 says that the patches in RELEASE-p4 were not actually the security fix -- rather they fixed a problem revealed by the actual security fix, which was applied simultaneously with the patches in FreeBSD-SA-11:04.compress. 11.05 was committed in two blobs spanning -p3 and -p4. So, the good news is that if you have at least 8.2-RELEASE-p3 then you don't have any (known) security holes. However if you don't have the patches in 8.2-RELEASE-p4 then linux apps run under emulation will crash if they use unix domain sockets. The flash plugin for FireFox being the most prominent example as I recall. Now the updates for -p4 certainly should have touched the kernel, and certainly should have resulted in an updated uname string[*]. There should also be a note about -p4 in /usr/src/UPDATING. Starting to wonder if the -p4 patches are actually available via freebsd-update(8) -- could they have been omitted because it wasn't actually a security fix? Odd that no one would have commented in a whole month if so. Cheers, Matthew [*] strings /boot/kernel/kernel | grep '8\.2-' should give the same results as uname(1): if it's different then the running kernel is not the same as the one on disk... -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 8.2-RELEASE-p4
Do you anticipate the release of an fix/update that will allow systems to be patched to -p4 or later via freebsd-update? -Tom Carpenter On 11/14/2011 05:25 AM, Evalyn wrote: It touches the kernel but you need to do make builkernel/make installkernel before uname -a shows 8.2-RELEASE-p4. Regards, Evalyn -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Matthew Seaman Sent: 12 November 2011 02:03 To: Robert Simmons Cc: freebsd-questions@freebsd.org Subject: Re: 8.2-RELEASE-p4 On 11/11/2011 21:03, Robert Simmons wrote: Note that if a security update is just to some userland programs, freebsd-update won't touch the OS kernel, so the reported version number doesn't change even though the update has been applied. In these sort of cases, it's not necessary to reboot, just to restart any long running processes (if any) affected by the update. The security advisory should have more detailed instructions about exactly what to do. (The -p2 to -p3 update was like this, but the -p3 to -p4 update definitely did affect the kernel so a reboot was necessary.) I'm not confident that you are correct here. See above. Either p3-p4 did not touch the kernel, or the OP has a legitimate question. Interesting. I based what I said on the text of the security advisories: http://security.freebsd.org/advisories/FreeBSD-SA-11:04.compress.asc http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc Specifically the 'Corrected:' section near the top. I think it's clear that FreeBSD-SA-11:04.compress (Corrected in 8.2-RELEASE-p3) doesn't involve anything in the kernel but FreeBSD-SA-11:05.unix (Corrected in 8.2-RELEASE-p4) is entirely within the kernel code. Except those advisories aren't telling the whole story. Lets look at r226023 in SVN. That's the revision quoted in the 11.05 advisory. The log for newvers.sh in http://svnweb.freebsd.org/base/releng/8.2/sys/conf/newvers.sh?view=logpathr ev=226023 says that the patches in RELEASE-p4 were not actually the security fix -- rather they fixed a problem revealed by the actual security fix, which was applied simultaneously with the patches in FreeBSD-SA-11:04.compress. 11.05 was committed in two blobs spanning -p3 and -p4. So, the good news is that if you have at least 8.2-RELEASE-p3 then you don't have any (known) security holes. However if you don't have the patches in 8.2-RELEASE-p4 then linux apps run under emulation will crash if they use unix domain sockets. The flash plugin for FireFox being the most prominent example as I recall. Now the updates for -p4 certainly should have touched the kernel, and certainly should have resulted in an updated uname string[*]. There should also be a note about -p4 in /usr/src/UPDATING. Starting to wonder if the -p4 patches are actually available via freebsd-update(8) -- could they have been omitted because it wasn't actually a security fix? Odd that no one would have commented in a whole month if so. Cheers, Matthew [*] strings /boot/kernel/kernel | grep '8\.2-' should give the same results as uname(1): if it's different then the running kernel is not the same as the one on disk... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 8.2-RELEASE-p4
On Fri, Nov 11, 2011 at 6:03 PM, Matthew Seaman m.sea...@infracaninophile.co.uk wrote: Now the updates for -p4 certainly should have touched the kernel, and certainly should have resulted in an updated uname string[*]. There should also be a note about -p4 in /usr/src/UPDATING. Starting to wonder if the -p4 patches are actually available via freebsd-update(8) -- could they have been omitted because it wasn't actually a security fix? Odd that no one would have commented in a whole month if so. I would suppose that you are right, but I'm not sure myself. Does anyone else know if p4 is available through freebsd-update? It seems like it should touch the kernel, but it definitely is not doing so. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
8.2-RELEASE-p4
Environment FreeBSD FQDN hostname 8.2-RELEASE-p3 FreeBSD 8.2-RELEASE-p3 #0: Tue Sep 27 18:07:27 UTC 2011 r...@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 Running freebsd-update fetch I get the following output: = hostname# freebsd-update fetch Looking up update.FreeBSD.org mirrors... 4 mirrors found. Fetching metadata signature for 8.2-RELEASE from update5.FreeBSD.org... done. Fetching metadata index... done. Inspecting system... done. Preparing to download files... done. No updates needed to update system to 8.2-RELEASE-p4. = I'm new to FreeBSD and after looking through the FreeBSD website I think I may have answered my question, but thought I would say that the message No updates needed to update system to 8.2-RELEASE-p4 seems a little contradictory: if 8.2-RELEASE-p4 isn't relevant for my FreeBSD installation why mention it. As far as answering my question, i.e. 'how does one install 8.2-RELEASE-p4 on a system running 8.2-RELEASE-p3', if I understand the relevant security advisory, http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc it looks like 8.2-RELEASE-p4 is an update for source, consequently, I'm getting the output that I am from freebsd-update because I don't have any source installed on my system. Also, after running freebsd-update install, if I run sysinstall and attempt to install packages by selecting Configure | Packages | Main Site, I get the following output = User Confirmation Requested Warning: Can't find the `8.2-RELEASE-p3' distribution on this FTP server. You may need to visit a different server for the release you are trying to fetch or go to the Options menu and to set the release name to explicitly match what's available on ftp.freebsd.org (or set to any). Would you like to select another FTP server? = That message will go away if I edit `8.2-RELEASE-p3' to read `8.2-RELEASE' but I'm not sure if that's the appropriate solution...would I get the current versions of packages if I did that? -Tom Carpenter ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 8.2-RELEASE-p4
On 11/11/2011 14:10, Tom Carpenter wrote: I'm new to FreeBSD and after looking through the FreeBSD website I think I may have answered my question, but thought I would say that the message No updates needed to update system to 8.2-RELEASE-p4 seems a little contradictory: if 8.2-RELEASE-p4 isn't relevant for my FreeBSD installation why mention it. As far as answering my question, i.e. 'how does one install 8.2-RELEASE-p4 on a system running 8.2-RELEASE-p3', if I understand the relevant security advisory, http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc it looks like 8.2-RELEASE-p4 is an update for source, consequently, I'm getting the output that I am from freebsd-update because I don't have any source installed on my system. Uh -- I think you are confused. All security patches are issued as not only as source code updates (for those that build from source) but also as compiled binary updates via freebsd-update. Judging by the output you showed, you've certainly managed to download the -p4 binary patch set. The 'No updates needed' message is just telling you you've already got all the necessary update patchsets downloaded. The next step is running: # freebsd-update install which will actually deploy those updates on your live system. Which you do mention doing. Hmmm... You aren't running a custom kernel according to your uname output, so your kernel image should have been updated. However, you would still need to reboot after installing the updates. Until you do, programs like uname that query the currently running kernel image will continue to show the old version numbers. Note that if a security update is just to some userland programs, freebsd-update won't touch the OS kernel, so the reported version number doesn't change even though the update has been applied. In these sort of cases, it's not necessary to reboot, just to restart any long running processes (if any) affected by the update. The security advisory should have more detailed instructions about exactly what to do. (The -p2 to -p3 update was like this, but the -p3 to -p4 update definitely did affect the kernel so a reboot was necessary.) That message will go away if I edit `8.2-RELEASE-p3' to read `8.2-RELEASE' but I'm not sure if that's the appropriate solution...would I get the current versions of packages if I did that? Yes -- that should be absolutely fine. All 8.x versions of the OS should be binary compatible, and any ports compiled for anything labelled 8.2-RELEASE should work irrespective of the patch level. In fact, with a very small number of exceptions, ports compiled for any OS version with a major version number of '8' should work. Exceptions are programs like eg. lsof(1) which accesses certain kernel internals in non-portable ways. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: 8.2-RELEASE-p4
On Fri, Nov 11, 2011 at 11:34 AM, Matthew Seaman m.sea...@infracaninophile.co.uk wrote: Judging by the output you showed, you've certainly managed to download the -p4 binary patch set. The 'No updates needed' message is just telling you you've already got all the necessary update patchsets downloaded. The next step is running: # freebsd-update install which will actually deploy those updates on your live system. Which you do mention doing. Hmmm... You aren't running a custom kernel according to your uname output, so your kernel image should have been updated. However, you would still need to reboot after installing the updates. Until you do, programs like uname that query the currently running kernel image will continue to show the old version numbers. I would encourage you to please run uname -a on your own box before beating up the newbie. I think I understand where his confusion lies. I checked the output on two of my boxes: # freebsd-update fetch Looking up update.FreeBSD.org mirrors... 4 mirrors found. Fetching metadata signature for 8.2-RELEASE from update3.FreeBSD.org... done. Fetching metadata index... done. Inspecting system... done. Preparing to download files... done. No updates needed to update system to 8.2-RELEASE-p4. # uname -a FreeBSD 8.2-RELEASE-p3 FreeBSD 8.2-RELEASE-p3 #0: Tue Sep 27 18:07:27 UTC 2011 r...@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 All my machines are up to current patch level, but show p3 when I run uname -a. Note that if a security update is just to some userland programs, freebsd-update won't touch the OS kernel, so the reported version number doesn't change even though the update has been applied. In these sort of cases, it's not necessary to reboot, just to restart any long running processes (if any) affected by the update. The security advisory should have more detailed instructions about exactly what to do. (The -p2 to -p3 update was like this, but the -p3 to -p4 update definitely did affect the kernel so a reboot was necessary.) I'm not confident that you are correct here. See above. Either p3-p4 did not touch the kernel, or the OP has a legitimate question. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 8.2-RELEASE-p4
On 11/11/2011 21:03, Robert Simmons wrote: Note that if a security update is just to some userland programs, freebsd-update won't touch the OS kernel, so the reported version number doesn't change even though the update has been applied. In these sort of cases, it's not necessary to reboot, just to restart any long running processes (if any) affected by the update. The security advisory should have more detailed instructions about exactly what to do. (The -p2 to -p3 update was like this, but the -p3 to -p4 update definitely did affect the kernel so a reboot was necessary.) I'm not confident that you are correct here. See above. Either p3-p4 did not touch the kernel, or the OP has a legitimate question. Interesting. I based what I said on the text of the security advisories: http://security.freebsd.org/advisories/FreeBSD-SA-11:04.compress.asc http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc Specifically the 'Corrected:' section near the top. I think it's clear that FreeBSD-SA-11:04.compress (Corrected in 8.2-RELEASE-p3) doesn't involve anything in the kernel but FreeBSD-SA-11:05.unix (Corrected in 8.2-RELEASE-p4) is entirely within the kernel code. Except those advisories aren't telling the whole story. Lets look at r226023 in SVN. That's the revision quoted in the 11.05 advisory. The log for newvers.sh in http://svnweb.freebsd.org/base/releng/8.2/sys/conf/newvers.sh?view=logpathrev=226023 says that the patches in RELEASE-p4 were not actually the security fix -- rather they fixed a problem revealed by the actual security fix, which was applied simultaneously with the patches in FreeBSD-SA-11:04.compress. 11.05 was committed in two blobs spanning -p3 and -p4. So, the good news is that if you have at least 8.2-RELEASE-p3 then you don't have any (known) security holes. However if you don't have the patches in 8.2-RELEASE-p4 then linux apps run under emulation will crash if they use unix domain sockets. The flash plugin for FireFox being the most prominent example as I recall. Now the updates for -p4 certainly should have touched the kernel, and certainly should have resulted in an updated uname string[*]. There should also be a note about -p4 in /usr/src/UPDATING. Starting to wonder if the -p4 patches are actually available via freebsd-update(8) -- could they have been omitted because it wasn't actually a security fix? Odd that no one would have commented in a whole month if so. Cheers, Matthew [*] strings /boot/kernel/kernel | grep '8\.2-' should give the same results as uname(1): if it's different then the running kernel is not the same as the one on disk... -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature