On Sun, Jan 25, 2004 at 05:12:01AM -0500, Chad M Stewart wrote: > Take sshd for example. I started with 4.9-stable and then updated the > system using cvsup in what I believe is the correct manner. After all > that I am left with > > sshd version OpenSSH_3.5p1 FreeBSD-20030924
> o - what is the base version of OpenSSH that 4.9-stable started with?
> Logic says that is 3.5p1, but I want to make sure I'm not missing some
> detail.
Well, 4.9-STABLE covers the state of the 4-STABLE development branch
since 4.9-RELEASE. But the release just marks a point-in-time of the
continuous evolution along the 4-STABLE branch. Sounds as if maybe
you meant to talk about the 4.9-RELEASE branch, which consists of
4.9-RELEASE + security patches.
It is quite possible that OpenSSH 3.7.x will be imported to 4-STABLE,
as it has already been imported into 5-CURRENT. It won't be imported
to 4.9-RELEASE or 5.2-RELEASE. If there are any security problems
discovered in OpenSSH, fixes will be applied to the ssh code in all
supported branches (4.8-RELEASE, 4.9-RELEASE, 5.1-RELEASE,
5.2-RELEASE, 4-STABLE), and generally such patches have also been
applied to all branches back to 4.3-RELEASE. 5-CURRENT will also be
fixed, but as it's not a supported branch, it doesn't get mentioned in
advisories. Such patches don't generally modify the version number
sshd reports, although for 5-CURRENT and 4-STABLE such patching may be
closely followed or replaced by importing the new version from
upstream.
4-STABLE currently uses OpenSSH 3.5p1 as it did at the time of
4.9-RELEASE. The last OpenSSH security advisory was
FreeBSD-SA-03:15.openssh released shortly before 4.9-RELEASE
> o - What patches have been applied to the base software to integrate
> with FreeBSD and more specifically security related patches?
FreeBSD generally uses the OpenSSH 'portable' release with some quite
minor modifications -- see
http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/FREEBSD-upgrade
For details of additional patches, see the list of security advisories
at:
http://www.freebsd.org/security/
You should subscribe to [EMAIL PROTECTED] and/or
[EMAIL PROTECTED] to receive notification of security
advisories.
> Again I apologize if these are newbie questions that are answered
> somewhere in an FAQ. In which case feel free to send me a URL. I
> picked sshd as that is one service that I will be exposing and I want
> to make sure that I understand all of this and am not exposing a
> vulnerable version.
Very sensible.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
pgp00000.pgp
Description: PGP signature
