D-kriptik Blog

Just a few notes:

1. Upgrading to FreeBSD 7.1 stable from FreeBSD 7.0 stable went smoothly.

   Sort of standard steps…

   • vi /usr/mykernconf7 and modify to merge in 7.1 changes into my custom kernel config.

     (The generic FreeBSD kernel configuration for the i386 platform as a starting point can be found in “/usr/src/sys/i386/conf/GENERIC”.

     e.g.,
     • cp /usr/src/sys/i386/conf/GENERIC /usr/mykernconf7
     • ln -s /usr/mykernconf7 /usr/src/sys/i386/conf/mykernconf7
     • vi /usr/mykernconf7 and modify as desired)
   • vi /usr/stable-supfile and update my custom “stable-supfile” to point to “RELENG_7_1″ by changing the relevant line to “*default release=cvs tag=RELENG_7_1″

     (A sample “stable-supfile” as a starting point can be found in “/usr/share/examples/cvsup/stable-supfile”.

     e.g.,
     • cp /usr/share/examples/cvsup/stable-supfile /usr/stable-supfile
     • vi /usr/stable-supfile and modify as needed, such as setting the default release to 7.1 and setting the host to one of the FreeBSD cvs server mirrors)
   • cd /usr/src
   • cvsup -g -L 2 ../stable-supfile
   • make buildworld
   • make kernel KERNCONF=mykernconf7
   • reboot (to single user mode)
   • cd /usr/src
   • mergemaster -p
   • make installworld
   • mergemaster

     I found there was a massive version increment of the contents in “/etc” from 7.0, so there was a lot to go through. I had a few mods to configuration and script files that needed merging, but, for the majority, just installing the new version was fine.

   • reboot
2. With the release of FreeBSD 7.1, the FreeBSD ports have undergone a huge burst of activity. Over the course of the last month, perl, X, and Gnome have all been upgraded.

   The first step is always the same here, updating the ports tree and grabbing the new index.

   e.g.,
   • cd /usr/ports
   • cvsup -g -L 2 ../ports-supfile
   • portsdb -Fu

   The second step is always the same here too, examining “/usr/ports/UPDATING” to see if there were any special instructions relevant to upgrading my installed ports, and additionally, browsing “/usr/ports/MOVED” to see what ports have been (re)moved.

   Ok, so there have a number of instructions that applied to my installed ports over the last month or so, including those for perl, X server, and Gnome. I updated multiple times and so upgraded many of these components at different intervals, which kept the mixing and matching of these instructions somewhat minimal. (On the flip side, there was a bunch of redundant (re)building of my ports.)

   Of the big boys (i.e., perl, X, and Gnome)…

   My first upgrade was of perl from 5.8.8 to 5.8.9, and I did this by itself, as the upgrade involved manually using a script and its guidance after installation of the upgrade perl, as per the 20090113 instructions in “/usr/ports/UPDATING” for perl5.8. (If perl troubles crop up after using this script, rebuilding the perl dependents may be best.)

   Next came the upgrade of Gnome from 2.22 to 2.24 (and all other updated ports at the time), which went smoothly enough, according to the 20090114 instructions in “/usr/ports/UPDATING” for GNOME and GTK+. (During this upgrade, I discovered some issues with my perl upgrade, so I ended up just rebuilding my perl dependents, but that was not the fault of the GNOME update.)

   A few days later followed the upgrade of libxcb by itself along with the rebuilding of all its dependents according to the “/usr/ports/UPDATING” 20090123 instructions for libxcb.

   Then, the upgrade of X (and all other updated ports at the time). There were issues here and there after this upgrade, but these seem to have been mostly resolved by subsequent updates, as the port maintainers have been tweaking things.

   As mention already, these steps were mostly incremental for me, happening in two primary bursts. If you are upgrading all of that and more at once, it might be easier to just rebuild all ports while taking “/usr/ports/UPDATING” instructions into account.

3. Tor stable (and development) has been updated to fix a remotely inducible heap corruption issue. Details forthcoming.
   

   This update also fixes an important security-related bug reported by Ilja van Sprundel. You should upgrade. (We’ll send out more details about the bug once people have had some time to upgrade.)

   Changes in version 0.2.0.33 – 2009-01-21
   o Security fixes:
   – Fix a heap-corruption bug that may be remotely triggerable on some platforms. Reported by Ilja van Sprundel.

4. Truecrypt 6.1a has been available for over a month. The 6.1 changes include support of tokens and smart cards, and trickery to get passed, say, USA customs.
5. Xen and Ubuntu have gone their separate ways.

This entry was posted on Saturday, January 31st, 2009 at 8:09 pm and is filed under Anonymity & Privacy, BSD, Crypto, Debian & Ubuntu, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.