Computerglitch

An ongoing adventure

Patching FreeBSD

Check for the latest security information at http://security.freebsd.org


I have created a script to download the 5 latest security advisories from the command line. Create the file freebsd_secupdates with the following contents: [download freebsd_secupdates]

#!/bin/sh
#Don’t Run This Script As Root
#Script to download the latest security advisories
#from security.freebsd.org
#Created by: greEd 11/05/06
if [ -f /tmp/._sec-updates_freebsd_tmp ]; then
rm -rf /tmp/._sec-updates_freebsd_tmp
else
mkdir /tmp/._sec-updates_freebsd_tmp
cd /tmp/._sec-updates_freebsd_tmp
wget -q http://www.freebsd.org/security/advisories.rdf
cat advisories.rdf | sed -e :a -e ‘s/<[ˆ>]*>//g;/</N;//ba’ | sed ‘s/ˆ[ \t]*//;s/[ \t]*$//’ | sed ‘1,8d’ | sed ‘/ˆ$/d’ > final_format
head final_format > /tmp/Advisories
rm -rf /tmp/._sec-updates_freebsd_tmp
cat /tmp/Advisories
fi

Make sure you have sources installed at /usr/src/ If you don’t have the source installed do the following:

# sysinstall

Next select “Configure”, then “Distributions”, then “src” and select “All”
Next select “X Exit”, and “X Exit” once more. Now select your installation media.


Once you have verified you have the the source installed check http://security.freebsd.org for the latest patches for your FreeBSD version. Next I’ll show examples of patching software and patching the kernel.


Example of patching software. Patching gzip gzip.patch.asc
First read the security advisory and follow the instructions in gzip.patch.asc For this patch I will do the following:

# cd /usr/src
# fetch http://security.FreeBSD.org/patches/SA-06:21/gzip.patch
# patch < gzip.patch
# cd /usr/src/gnu/usr.bin/gzip
# make obj && make depend && make && make install

Example of patching the kernel. Patching smbfs smbfs.patch.asc
First read the security advisory and follow the instructions in smbfs.patch.asc For this patch I will do the following:

# cd /usr/src
# fetch http://security.FreeBSD.org/patches/SA-06:16/smbfs.patch
# cd /usr/src/sys/i386/conf
# cp GENERIC MYKERNEL
# cd /usr/src
# make buildkernel KERNCONF=MYKERNEL
# make installkernel KERNCONF=MYKERNEL
# reboot

Posted by Robbie Reese

Comments