|
OpenBSD Installation and Upgrading Installing and upgrading OpenBSD. |
|
Thread Tools | Display Modes |
|
|
|||
011: SECURITY FIX: March 10, 2016
I just applied this patch by following the instructions on the patch itself, and NOT by using CVS to update the source tree. That is o.k. Right? I follow 5.8 -stable.
|
|
|||
I'm not aware of what you had prior to applying the 011 patch, but the process essentially replaces the existing ssh code and should be OK.
My guess is that your trying different options (cvs, patches/m:tier, openup) in order to follow stable. You have the most control using cvs while openup is the least time consuming. |
|
|||
Quote:
I remember reading somewhere in the faq, that you can mix and match. That is, you don't always have to update your source tree from cvs to apply a patch. So since I applied the patch by following the instructions, there is nothing else for me to do right? |
|
|||
I don't think mixing update methods is good.
I would stick to one: cvs, following stable or manually applying patches by hand (AFAIK there are not all patches, but only security fixes). If somethings is wrong, I think that cvs is likely to report conflict. |
|
|||
Quote:
Errata fixes are to be applied to -release, not -stable installations. -stable users should either update through CVS or subscribe to M:Tier. ...& what jggimi further states is correct. As an equation: -release installation + all published errata <= up-to-date -stable installation |
|
|||
I updated the source tree, and compiled the kernel and userland. During downloading of the source, cvs warned about an ssh conflict, and there was another warning while compiling the userland, however, all seems to be well. I'll avoid doing this in the future.
|
|
||||
Quote:
$ cvs up from this branch of the working directory, and note which files are marked with "C" or "M".Files marked "M" are deemed to have a local modification. Local modifications may be removed by issuing the CVS update command with the -C option to overwrite localy modified files: $ cvs up -C .Files marked "C" are deemed to be in conflict: CVS perceives local modifications atop of pending commits, which it cannot resolve. This requires manual action by the admin. In this instance, that manual option should be moving (or deleting) the conflicting files, then issuing $ cvs up once again, to obtain the files as committed to the repository.Quote:
|
|
|||
Quote:
Below is what I did and the respond I received. Code:
# cvs up cvs server: Updating . C session.c cvs server: Updating lib cvs server: Updating moduli-gen cvs server: Updating scp cvs server: Updating sftp cvs server: Updating sftp-server cvs server: Updating ssh cvs server: Updating ssh-add cvs server: Updating ssh-agent cvs server: Updating ssh-keygen cvs server: Updating ssh-keyscan cvs server: Updating ssh-keysign cvs server: Updating ssh-pkcs11-helper cvs server: Updating sshd $ cvs up -C command since I am following stable? Also, once I do this, should I update my source normally and then recompile the source tree and userland? Last edited by jjstorm; 16th March 2016 at 10:00 PM. |
|
||||
This branch of your working directory tree currently contains neither conflicts nor local modifications.
All -stable commits include a revision to the RCS header in line 1 of every source file. The errata patches do not have this RCS revision. Check the first line of /usr/src/usr.bin/ssh/session.c, and note the revision number of the file. Below, I obtain three revisions of this file. -release or -release + errata: Code:
$ cvs get -r OPENBSD_5_8_BASE src/usr.bin/ssh/session.c U src/usr.bin/ssh/session.c $ head -1 src/usr.bin/ssh/session.c /* $OpenBSD: session.c,v 1.278 2015/04/24 01:36:00 deraadt Exp $ */ $ Code:
$ cvs get -r OPENBSD_5_8 src/usr.bin/ssh/session.c U src/usr.bin/ssh/session.c $ head -1 src/usr.bin/ssh/session.c /* $OpenBSD: session.c,v 1.278.2.1 2016/03/10 11:54:22 djm Exp $ */ $ Code:
$ cvs get -A src/usr.bin/ssh/session.c U src/usr.bin/ssh/session.c $ head -1 src/usr.bin/ssh/session.c /* $OpenBSD: session.c,v 1.282 2016/03/10 11:47:57 djm Exp $ */ $ Quote:
Quote:
|
|
|||
Quote:
|
|
||||
And there is a new patch 012 to 5.8 for IPv6 that was published yesterday.
Last edited by jggimi; 17th March 2016 at 12:24 PM. Reason: clarity |
|
|||
Quote:
Quote:
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Are you at AsiaBSDcon 2016? | ibara | News | 4 | 25th March 2016 05:42 PM |
Misc. BSD/UNIX BSDCan 2016 CfP now open! | ibara | News | 0 | 1st December 2015 10:42 PM |
March BSD Magazine | J65nko | News | 0 | 24th March 2014 11:49 PM |
Firefox 4 to ship March 22nd | drhowarddrfine | News | 12 | 24th March 2011 12:02 AM |
OpenSSL Security Advisory [24 March 2010] | J65nko | News | 0 | 29th March 2010 11:12 PM |