Re: NetBSD Security Advisory 2014-006

To: netbsd-users%NetBSD.org@localhost
Subject: Re: NetBSD Security Advisory 2014-006
From: Roy Bixler <rcbixler%nyx.net@localhost>
Date: Mon, 16 Jun 2014 17:26:07 -0600

On Mon, Jun 16, 2014 at 11:49:46AM -0000, David Lord wrote:
> On 16 Jun 2014 at 18:53, Ray Phillips wrote:
> 
> > Since there aren't going to be binaries containing the latests fixes 
> > to ssh on nyftp.netbsd.org for a while, would someone post step by 
> > step instructions to get the updated source code, compile it and 
> > replace the faulty pieces of NetBSD please?  The advisory just says 
> > "Update src and rebuild and install." which is a bit too vague for me.
> > 
> > The machines I'm responsible for are running NetBSD/i386 6.1.4.  It 
> > seems the latest vulnerabilites are serious enough that machines 
> > shouldn't be left running with them, so I'd rather not wait until 
> > 6.1.5 is released to repair them.
> 
> I've been using sysutils/sysbuild + sysutils/sysbuild-user
> from pkgsrc. The package is still broken but only requires
> ${SYSBUILD_BINDIR="/usr/pkg"} to point to /usr/pkg/bin.
> 
> I use the default incremental builds which are quite fast
> after the first pass. Only downside for me is that each of
> my /home/sysbuild/nbsd-ver_arch/ directories needs > 20G
> disk space. It's probably possible to run multiple 
> ver/arch from a single directory but my build pc with 
> 2G ram ground to a halt with all swap+memory used up.

I'm just getting into this myself, both for reasons of a device driver
problem I was having (see recent "timeout on siside0" thread for
details) and for the SSL security update.  I use the old-fashioned
method of building from source with CVS as described in the Guide.  It
took about the amount of space I would expect until I decided to try
the "live-image" option, which adds around 10 Gig. to the space
requirement.  In contrast, building the "iso-image" didn't take nearly
as much of a hit.  I haven't used the sysbuild package, but perhaps
this is what you're seeing?

By the way, I like the live-image, which works fine once built, but I
haven't seen much documentation on it.

-- 
Roy Bixler <rcbixler%nyx.net@localhost>
"The fundamental principle of science, the definition almost, is this: the
sole test of the validity of any idea is experiment."
-- Richard P. Feynman

Follow-Ups:
- Re: NetBSD Security Advisory 2014-006
  - From: David Lord

References:
- NetBSD Security Advisory 2014-006
  - From: Ray Phillips
- Re: NetBSD Security Advisory 2014-006
  - From: David Lord

Prev by Date: Re: RAM based block device driver
Next by Date: Re: pkgsrc - Ark - qt4-tools
Previous by Thread: Re: NetBSD Security Advisory 2014-006
Next by Thread: Re: NetBSD Security Advisory 2014-006
Indexes:

Home | Main Index | Thread Index | Old Index