Subject: Clarify Patch Application Method Please ?
To: None <netbsd-help@netbsd.org>
From: Nick Boyce <nick@glimmer.demon.co.uk>
List: netbsd-help
Date: 09/27/2000 02:56:59
Please forgive this possibly dumb question, especially if it's
documented somewhere I haven't found yet :

I'm trying my first attempt at applying a NetBSD security patch,
specifically that advised by NetBSD Security Advisory 2000-009 - "ftpd
setproctitle vulnerability".  I've applied manufacturer patches to our
commercial Unixen for this one, and decided it was our NetBSD box's
turn.

But I'm somewhat hazy about how to go about the task.  All the
advisory says by way of method is
  "fetch the following patch, apply it to
  src/libexec/ftpd/ftpd.c using the patch(1)
  command, rebuild and reinstall ftpd, and kill
  off any existing FTP daemons".

I wasn't sure where to find file src/libexec/ftpd/ftpd.c; I've now
tracked it down to being included in sys.tgz (is that the right place
?) - and downloaded that from
ftp.netbsd.org/pub/NetBSD/NetBSD-1.4.2/source/sets to
/usr/local/updates on my box.

I found the document "NetBSD Package System" by Hubert Feyrer &
Alistair Crooks, which seems to talk mainly about pkgsrc.tgz, but
seems likely also to apply to the contents of sys.tgz.

So I unpacked the ftpd directory from sys.tgz by
  cd /; tar -xvzf /usr/local/updates/sys.tgz usr/src/libexec/ftpd

( I didn't see much point in unpacking the whole thing just for this
patch - reasonable ? )

and applied the patch 20000708-ftpd from
ftp://ftp.netbsd.org/pub/NetBSD/misc/security/patches/ using
  cd /usr/src/libexec/ftpd
  patch < 20000708-ftpd
  make
and got the following binary :
  -rwxr-xr-x  1 root  wheel  109383 Sep 26 20:57 ftpd

But this binary is considerably larger than the released 1.4.2
binary :
  # ls -l /usr/libexec/ftpd
  -r-xr-xr-x  1 root  wheel  85460 Mar  3  2000 /usr/libexec/ftpd

and since the patch doesn't seem to introduce a significant amount of
code, I wonder how this can be.  Have I missed a step, or done
something wrong, or used the wrong ftpd source ... or just not used an
optimisation option I should have .. or something ?

Also, how should I install the new binary ?  Using "make install", or
do I just copy the binary to /usr/libexec and make sure it's
its permissions are set the same as the original ?

I'll be grateful for any comments on the above, and especially
grateful if anyone can point me at a URL for the required steps.

Sorry for the basic question - I'm a NetBSD newbie.

Nick Boyce
Bristol, UK
--
Heuer's Law: Any feature is a bug unless it can be turned off.