FreeBSD 4.6.2 Released

MobyTurbo writes: "FreeBSD 4.6.2 has been released. It primarily cures a few security problems in the 4.6 release. If you are impatient it will be available at various mirrors, or upgrade your existing FreeBSD installation via cvsup, or support the FreeBSD project by purchasing it at a vendor that supports the FreeBSD project."

It's very stable

[edyu]

I'm been cvsuping all along and it has not given me any problem yet.

This time officially?

[mirabilos]

I remember about 4.6 being announced ten times or
so, and a reply from a developer to only post
announcements when they are pgp-signed from a
freebse developer.

nah, all not my stuff - we release on
December 1th
June 1th
of every year, and a bit earlier this year.
There is nothing to interpretate...

Yep, I'm a happy OpenBSD sysadmin and user.

Re:This time officially?

[corrosiv]

Yes, officially

A release is not official until the announcement has gone out on the mailing list and it is visible on http://www.freebsd.org/releases/index.html. Some bozos don't seem to understand that (and Slashdot never seems to learn how to verify these stories). Looks like this one went off without incident for once.

Re:This time officially?

[ve2asm]

Yes, this time officially. As can be seen (for now) on http://docs.freebsd.org/cgi/getmsg.cgi?fetch=0+0+c urrent/freebsd-announce

and will be in the regular archive in a week from now...

Now, I'm a bit frustrated because I *DID* submit the news myself earlier today but got it rejected.. Oh well. The release is official, but the website takes a while to be rebuilt from the SGML sources committed to CVS.

Re:This time officially?

[erc]

The reason why is necause the Slashdot editors ovbiously wait until the story is submitted by someone they know, or something with a cool-sounding handle, then they publish it. To hell with being first - it's all about being a favorite son.

Re:This time officially?

[MobyTurbo]

blockquoth the troll:

The reason why is necause the Slashdot editors ovbiously wait until the story is submitted by someone they know, or something with a cool-sounding handle, then they publish it. To hell with being first - it's all about being a favorite son.

I don't know about how the the 2 bogus release announcements for the previous release got out, but I posted my submission concerning this release when I saw the official announcement in the moderated freebsd-announce mailing list.

The secret to getting a story on slashdot is not being a "favorite son", it's to submit early, submit often, and don't whine when your story is rejected or scooped by someone else because that's what will happen to the majority of your submissions. BTW, thanks for the implied complement concerning my choice of handle. :-)

Re:This time officially?

[MavEtJu]

And your point is? Just like this posting, yours is nothing but an unnecessary flamebait.

Instead of working together we smash each others head in. Fun isn't it?

Re:This time officially?

[mirabilos]

My point was:
* I know from earlier that FreeBSD-releases have been
announced by Slashdot when this announce was not
yet fully official.
* I found it quite amusing when I read, back then, a
comment from a FreeBSD developer, asking for /. to
only post such stories again when they come, pgp signed,
from a developer.
* I wondered whether it was officially this time, that's
why I asked.
* I got a comment which showed me that it was - and
which author wondered about this NOT happening...

Furthermore I wrote about the OpenBSD release scheme,
to show that we don't have this kind of problems. My
post was not intended a flamebait in any way.

Re:ya

[Beetjebrak]

Can you spell BSD as in OS-X??? Damn straight BSD isn't dead, far from it even, and it's bound to expand rapidly to overwhelm Linux's market share on the desktop AND low-end server if Apple play their cards right.

Re:ya

[Beetjebrak]

Then why does the OS-X faq from Apple state: "that apart from a few architectural difference (such as our use of the Mach kernel), we try to keep Darwin as compatible as possible with FreeBSD (our BSD reference platform)." Or from OSnews: At its heart Mac OS X is a descendant of FreeBSD. The Apple engineers used FreeBSD as a blueprint for OS X.

Re:ya

[cant_get_a_good_nick]

To any trolls underneath this post that are actually interested in whats really under the hood of OS-X...

Yes, OS X is heavily based on Mach, but it's not a "pure" microkernel. A pure microkernel only abstracts the hardware, everything else is in userland "servers". In a microkernel UNIX, you'd have the UNIX API as a server, and your app would have to pass messages through the kernel to make syscalls. Check GNU/Debian, this may be an example of it, UNIX server running under the HURD mk. Maybe also mkLinux, the old linux for macs. Check these, I'm not sure, too late/tired to do real research.

The problem with this, is UNIX doesn't run well this way. UNIX is designed monolithic, and microkernel implementations just add an extra layer. The message passing slows you down, thats why Microsoft dropped the GUI subsystem into the kernel in going from 3.51 to 4.0, speedup. Anyways, since the base of OS X is UNIX they put this in the kernel to speed things up. The microkernel handles the hardware, and running old MacOS at kernel level handles prettty much everything else.

As an aside, the UNIX part of the core is a hybrid. Apple started with NetBSD (better cross platform?) but added a lot of 3.x FreeBSD cause they liked it so much. An apple employee (forgot which, see above comment on being late) has commit access to the FreeBSD cvs tree. The next major rev of the kernel is rumored to be freebsd 4 series.

Re:ya

[OrangeSpyderMan]

To any trolls underneath this post that are actually interested in whats really under the hood of OS-X...

If they are interested in what it is, they should stear clear from your explanation.

Yes, OS X is heavily based on Mach, but it's not a "pure" microkernel.

No, Mach is not a "pure" microkernel. And OS-X isn't a ukernel at all, it's an OS. AFAIK, Darwin provides the kernel functionality using a single-server on a microkernel. OS-X runs on top of Darwin, and provides most of the userland functions (GUI, most notably).

Check GNU/Debian

That would be GNU running on Debian, as GNU/Linux is GNU running on Linux? I think you mean Debian GNU/Hurd or GNU, though your description of what it is suggests that as far as microkernels go, you don't know shit from rusty ice-cream.

UNIX server running under the HURD mk

First point, a server runs on top of an 'mk', not under it.

The Hurd (not HURD, Hurd or whatever) is actually a number of servers running on a microkernel (at the moment GnuMach, but also L4 projects exist). Contrary to Darwin and MkLinux which are mono-server implementations (ie one large server running on a ukernel), the Hurd has a number of servers running on a ukernel that attempt to provide POSIX functionality. The Hurd is simply not UNIX (as in GNU is not UNIX). As you correctly point out, monoserver implementations of microkernels don't add a great deal of anything except hardware abstraction compared with a monolithic UNIX kernel. The hardware abstraction was the reason why Apple initially liked MkLinux, as it allowed Linux to run on their machines without them having to give away precious info about how they worked.

These are just the blatant mistakes, I'll leave people who aren't too tired, late or lazy to do real research to fine tune this and the other stuff.

Other vendors

[Arandir]

support the FreeBSD project by purchasing it at a vendor that supports the FreeBSD project.

Other vendors include DaemonNews/BSDMall [bsdmall.com], and Hinner EDV [hinner.de].

Crap :(

[RLiegh]

..meanwhile, I'm downloading netbsd.

Given that this is only a (very) minor point release, I don't expect I'm missing too terribly much.

Re:Crap :(

[MobyTurbo]

Blockquoth the poster:

..meanwhile, I'm downloading netbsd.

According to a previous Slashdot story, NetBSD version 1.6 is expected *very* soon, it's already at the release candidate stage, so perhaps you haven't avoided avoided downloading a version of BSD too soon either. :-)

Keep in mind however that even if you have download a version of FreeBSD (maybe the same is true for Net) too soon, you can cvsup to the latest -RELEASE or -STABLE without much of a hassle; and 5.0-CURRENT if you want to be on the alpha/beta version edge.(Since I'm tracking -STABLE I don't need to download anything to upgrade; I already am running a system similar to 4.6.2 if not somewhat more cutting edge.)

Hmm, *BSD is releasing new versions. It must not be "dead" after all. ;-)

Re:Crap :(

[MavEtJu]

It's a release to fix security problems, it isn't a major release with new nifty features. Unless you've been consequent with your patches (openssh, openssl, kqueue, ufs etc etc etc) there is no reason to upgrade. But if you want to have a checkpoint for your machines (i.e. a stable release without having to do all the patches each time you install something in the 4.6-series), this is a good start.

Re:Java???

[Ded Bob]

I believe they submitted 1.3 to Sun for certification, but it sounds like it takes a long time for Sun to accept a Java port. I think the Linux port also took a long for Sun to accept, but I do not know for certain.

Re:Java???

[Ded Bob]

Even better, here is a recent progress report: report [freebsd.org]

Re:freebsd 4.7

[MobyTurbo]

blockquoth the BSD troll:

I'm certain they will blow past their stated release date [of 5.0] of Nov. 20. It could easily slip to feb. 2003 or beyond. Apparently it is very difficult to make new releases on time when you are a dying OS.

The Linux 2.4 kernel release was far more delayed than that, I don't see people saying it's dying. ;-)

Re:freebsd 4.7

[ChadN]

The Linux 2.4 kernel release was far more delayed than that, I don't see people saying it's dying.

Surf at -1, and you'll see plenty of people saying it. (wink)

Re:Another word

[dtdns]

FreeBSD is nice though, you can't go wrong with it unless you need:

SMP

What's wrong with FreeBSD's SMP support? I've run FreeBSD on everything from single processor on up to quad Xeon systems without any trouble at all. Granted I had to recomplie the kernel to enable SMP support, but it never complained.

Re:Another word

[checkitout]

What's wrong with FreeBSD's SMP support?

They probably meant to say OpenBSD, which to my knowledge still doesn't offer SMP support.

Personally, I think FreeBSD is thing to run on a server. Leave Linux at home.

Re:Another word

[MobyTurbo]

Blockquoth the poster:

FreeBSD is nice though, you can't go wrong with it unless you need:

SMP
Java
Linux threading seems to be better now

99% of Java works fine, I use it here without a problem. The big deal is that you have to download both Java source and Linux's Java for the libraries in order to install the BSD version, because Sun still hasn't officially approved binary distribution for FreeBSD yet due to HotSpot(tm) still being in beta condition. That should change soon though.

Where did 4.6.1 go?

[Stonehead]

The 4.6.1 release was announced as the next release, but it never happened. Why? If it is that much a PR blunder to admit that something went wrong, why still increase the version number?

Re:Where did 4.6.1 go?

[Beetjebrak]

set your cvs tag to 4_6_1 and cvsup your sources. You'll get 4.6.1 don't worry, it was there.. be it for a very short while and as far as I can tell not really worthy of a point release. Why not just stick to 4.6-RELEASE and bump up the patch level all you want until 4.7-RELEASE?? (I know 5.0 probably should come out before 4.7 but hey.. who knows..)

Re:Where did 4.6.1 go?

[essdodson]

I really doubt 5.0 will come out before 4.7 makes it out. But from the looks of it the first few 5.0 release won't quite be ready for general consumption. There's a big push right now to go ahead and move to GCC 3.3 and skip 3.2 entirely. I'm rather happy with my 5-current box. Only problem I've found is that if it does shut down ungracefully background fsck sticks you into a reboot cycle. It looks as if it doesn't cope well with much of any activity while its checking in the background.

Re:Where did 4.6.1 go?

[essdodson]

4.6.1 was _never_ released. A CVS tag does not indicate a release.

Re:Where did 4.6.1 go?

[essdodson]

A release occurs when it is announced by the release engineering team. You should read the numerous fuckups Slashdot has had in relation to FreeBSD release process.

Re:Where did 4.6.1 go?

[larry bagina]

I ordered the WindRiver (now BSDMall) FreeBSD 4.6 from CheapBytes last week. The discs/jewel case say 4.6/June 2002. The install CD is named "4.6.1".

Re:Where did 4.6.1 go?

[MavEtJu]

During the first and second RCs of 4.6.1 a couple of more problems regarding security came up and it would be a bad idea to release something with known problems (actually the reason why 4.6.1 was going to be released). That's why it was delayed with a month (I believe).

Re:Where did 4.6.1 go?

[mosch]

You can get 4.6.1, you just wouldn't want to, because then you'd have to apply 11 patches to get it to 4.6.1-p11, then one more to get it to 4.6.2. They didn't make a big public announcement because of the number of major issues that came up right after it was created (OpenSSL and such) and because of some bugs that turned out to be not quite fixed.

Re:Where did 4.6.1 go?

[Geekboy(Wizard)]

The OpenSSH bug was found the day before 4.6.1 was supposed to come out (or something like that). So they decided to scrap 4.6.1, and add the OpenSSH fixes, and back port more fixes from -current while they did the testing for it.

Tracking -RELEASE with cvsup

[zsazsa]

Okay, it's time to put on my newbie hat, so flame away.

I'm testing out my first real FreeBSD installation on a colocated server, and I'm using the ports tree for installing just about everything. I'd like to be able to keep on top of the latest security releases and pretty much make sure I stay in line with all the -RELEASE releases. The problem is, I have no idea how to do this. It seems like most examples I see for using cvsup are for -STABLE or -CURRENT. There doesn't seem to be a nice guide for doing so on the FreeBSD site or on my system.

Will the example ports-supfile, as-is, do the trick? Or should I use a different supfile?

Does anyone have any pointers or advice?

Re:Tracking -RELEASE with cvsup

[bugg]

I'd like to be able to keep on top of the latest security releases

The RELEASE tag is only slid for security fixes that come out after the release tag is initally laid and before the CDs are gold. In other words, if you really want to keep on top of security issues, you should be tracking -STABLE; but of course with this comes no express or implied guarantee that your tree will build, that everything will work properly, etc. But thankfully, -STABLE tends to be pretty much just that, STABLE, with few exceptions. If you're concerned about the latest security patches, either update STABLE every time there is a security advisory, or apply the patches from -STABLE to your release tree, but that's probably not worth the time. So -STABLE tends to be the best in terms of having security patches applied, but on a colocated box you could run into issues setting it to upgrade automatically (in the rare, but possible event -STABLE is fubared when you cvsup) - but unfortunately you can't have it every way- there's no way to have a guarantee of successful working automatic builds with all of the security patches. That's pretty much true with any OS.

But you didn't ask that, you asked how to get -RELEASE sources. Open up your supfile and set the tag to RELENG_4_6_2_RELEASE in this case (or RELENG_4_6_0_RELEASE for 4.6, or RELENG_4_0_0_RELEASE for 4.0, etc.)

Have fun!

Re:Tracking -RELEASE with cvsup

[shlong]

Tag slides are not how security issues are tracked in FreeBSD. True, they are used when last minute changes are needed before a release. However, branches are made with every major release, and security fixes are applied to those branches. If you track the RELENG_4_6 tag, you will get all the security patches for 4.6.x. These branches are often maintained for a year or more, even after newer releases have come out. So, to answer the previous posters' question about how to track FreeBSD 4.6 + ports, here is a cvsup file to use:

*default host=cvsup14.freebsd.org
*default base=/usr
*default prefix=/usr
*default release=cvs tag=RELENG_4_6
*default delete use-rel-suffix
*default compress
src-all
ports-all

Re:Tracking -RELEASE with cvsup

[bugg]

I'm sorry, did I not make that clear? The original poster was under the idea that he wanted the release; I was merely correcting him in that the release tag (_RELEASE) is only slid when changes are made between the inital laying of the tag and before the CDs go gold (which is a very short period of time).

Well, anyhow, I think the OP has enough information to help him now.

Re:Tracking -RELEASE with cvsup

[shlong]

Sorry, no flame was intended. I felt that your comment about tag sliding could be misinterpretted, but I also wanted to definitely answer the question of the OP with a cvsup file that was appropriate for what he (appeared to) asked for.

Re:Tracking -RELEASE with cvsup

[bugg]

Egads, a polite resolution to a thread!

Glad to see that there's some civility on slashdot. I'm impressed that we handled that well. (Insert wisecrack about only in the BSD section can you find nice slashdotters...)

Re:Tracking -RELEASE with cvsup

[funky womble]

It's also worth pointing out that anyone tracking -stable should be keeping up with the freebsd-stable mailing list (in order to learn about any problems or incompatible changes, including any requirements to update the kernel or ports/package, which although rare can happen on occasion).

On a colocated box, perhaps it would be wise to cvsup and wait at least a day or two to check for any problems reported to that mailing list before updating the running system.

--
As noted in the History section, one of the biggest problems with sysinstall is its user interface which could only be charitably described as Evil Incarnate. -libh Project [freebsd.org]

Re:Tracking -RELEASE with cvsup

[IEFBR14]

You could cd /usr/ports/net/cvsupit and type make install. This will run a script that will set up a cvsupfile for you, and place it in /etc/cvsupfile. This is a very painless way to set up your file, and it gives you many options to choose from.

Re:Tracking -RELEASE with cvsup

[elbuddha]

Use the RELENG_4_6 tag in your cvsup file to stay on the 4.6-release branch, of which 4.6.2-release is a part.

Be sure to check out Chapter 20 of the FreeBSD Handbook [freebsd.org], especially the sections on Synchronizing Your Source and Using make world. Also read the top of /usr/src/Makefile

The real trick is going to be doing the upgrade to a remote server. Since you can't really drop to single user mode you'll have to do the installworld, installkernel, and mergemaster on a live system. Make sure your kern.securelevel is at -1 for that (you can always raise it back up afterwards). You may even want to go through the process on a spare box in front of you before attempting to do so remotely.

Only 2 ISO's?

[Anonymous Coward]

Why only 2 CDs? Is it just an "upgrade CD"? 4.6 was 5 CDs.

XFree86 3-4

[(startx)]

Here's a good question for all you FreeBSD guru's, semi-guru's, and people smarter than I. I installed my current FreeBSD machine with FreeBSD 4.4 a year or two ago, and have been cvsup'ing and make buildworld'ing to keep -stable. When I did the installation, I chose to install XFree86 3.3.6, and so it does not show up in /var/db/pkg. Now I want to remove 3.3.6 from the system and install XFree86 4.2.0 from ports. Finally for the question....

How can I remove XFree86 3.3.6 from FreeBSD 4.2.6 since there is no entry in /var/db/pkg?

Re:XFree86 3-4

[wabb1t]

As the prevoius answer stated, remove /usr/X11R6 and /etc/X11 and /etc/XF86Config.

But be sure to also remove all ports that might have installed stuff under /usr/X11. I just tested this (will give you a few unimportant errors), but YMMV:

(use some bourne shell, like /bin/sh or bash)
cd /var/db/pkg
for i in *; do if grep -q '^@cwd /usr/X11R6' $i/+CONTENTS; then echo $i;fi;done > ${HOME}/packagelist

Then remove those packages in ~/packagelist
After this, just install /usr/ports/x11/XFree86-4, and reinstall the ports/packages you need.

HTH

Re:XFree86 3-4

[(startx)]

thank you, perhaps this should be documented and added to either the faq or handbook too?

Re:XFree86 3-4

[prog-guru]

It does not show up because it is a distribution, which is different from a package and different from a port, intuitive, huh?

Get your source media, and do tar tzvf on the archives you installed (Xbin.tgz, Xcfg.tgz), and remove those files.
I usually move /usr/X11R6 out of the way instead of removing it, just in case.

does ssh and ssl fixes without make world

[bwhalen]

make world takes so long on my k6, this is a kewl way to get those fixes quickly.

Upgrades from 4.6 Stable to 4.6.2 using cvsup fail

[CatNTHat]

I have been able to reproduce on 3 different machines that an upgrade from 4.6 Stable to 4.6.2 causes the system to become unstable after doing the installworld, installworld dies, you are unable to do a mergemaster due to out of memory problems and I have ended up rebuilding all three of the boxes off of 4.6 stable.