# If I have src-all in /etc/stable-supfile



## mfaridi (Jan 21, 2009)

if I have this option src-all in /etc/stable-supfile
and after cvsup and compile kernel and install kernel ,
Do I need patch some SECURITY ADVISORIES for fix security.


----------



## mousaka (Jan 21, 2009)

It depends on what is defined in /etc/stable-subfile


```
*default release=cvs tag=RELENG_7
```
Is the current STABLE-Branch, which contains all security fixes, but is a bit less stable than RELENG_7_1 as it is the development libe of 7.x. RELENG_7_1 contains the 7.1-RELEASE with all security fixes, where RELENG_7_1_0_RELEASE is the 7.1-RELEASE without security fixes.

Have a look at the handbook for further cvs tags.

mousaka


----------



## SirDice (Jan 21, 2009)

mfaridi said:
			
		

> if I have this option src-all in /etc/stable-supfile
> and after cvsup and compile kernel and install kernel ,
> Do I need patch some SECURITY ADVISORIES for fix security.



No, if you cvsup/csup you get the patches too.


----------



## mfaridi (Jan 21, 2009)

this is my /etc/stable-supfile

```
# $FreeBSD: src/share/examples/cvsup/stable-supfile,v 1.32.2.1 2007/10/11 06:26:19 kensmith Exp $
#
# This file contains all of the "CVSup collections" that make up the
# FreeBSD-stable source tree.
#
# CVSup (CVS Update Protocol) allows you to download the latest CVS
# tree (or any branch of development therefrom) to your system easily
# and efficiently (far more so than with sup, which CVSup is aimed
# at replacing).  If you're running CVSup interactively, and are
# currently using an X display server, you should run CVSup as follows
# to keep your CVS tree up-to-date:
#
#       cvsup stable-supfile
#
# If not running X, or invoking cvsup from a non-interactive script, then
# run it as follows:
#
#       cvsup -g -L 2 stable-supfile
#
# You may wish to change some of the settings in this file to better
# suit your system:
#
# host=CHANGE_THIS.FreeBSD.org
#               This specifies the server host which will supply the
#               file updates.  You must change it to one of the CVSup
#               mirror sites listed in the FreeBSD Handbook at
#               http://www.freebsd.org/doc/handbook/mirrors.html.
#               You can override this setting on the command line
#               with cvsup's "-h host" option.
#
# base=/var/db
#               This specifies the root where CVSup will store information
#               about the collections you have transferred to your system.
#               A setting of "/var/db" will generate this information in
#               /var/db/sup.  You can override the "base" setting on the
#               command line with cvsup's "-b base" option.  This directory
#               must exist in order to run CVSup.
#
# prefix=/usr
#               This specifies where to place the requested files.  A
#               setting of "/usr" will place all of the files requested
#               in "/usr/src" (e.g., "/usr/src/bin", "/usr/src/lib").
#               The prefix directory must exist in order to run CVSup.
#
###############################################################################
#
# DANGER!  WARNING!  LOOK OUT!  VORSICHT!
#
# If you add any of the ports or doc collections to this file, be sure to
# specify them with a "tag" value set to ".", like this:
#
#   ports-all tag=.
#   doc-all tag=.
#
# If you leave out the "tag=." portion, CVSup will delete all of
# the files in your ports or doc tree.  That is because the ports and doc
# collections do not use the same tags as the main part of the FreeBSD
# source tree.
#
###############################################################################

# Defaults that apply to all the collections
#
# IMPORTANT: Change the next line to use one of the CVSup mirror sites
# listed at http://www.freebsd.org/doc/handbook/mirrors.html.
*default host=cvsup.tw.FreeBSD.org
*default base=/var/db
*default prefix=/usr
# The following line is for 7-stable.  If you want 6-stable, 5-stable,
# 4-stable, 3-stable, or 2.2-stable, change to "RELENG_6", "RELENG_5",
# "RELENG_4", "RELENG_3", or "RELENG_2_2" respectively.
*default release=cvs tag=RELENG_7_0
*default delete use-rel-suffix

# If you seem to be limited by CPU rather than network or disk bandwidth, try
# commenting out the following line.  (Normally, today's CPUs are fast enough
# that you want to run compression.)
*default compress

## Main Source Tree.
#
# The easiest way to get the main source tree is to use the "src-all"
# mega-collection.  It includes all of the individual "src-*" collections.
# Please note:  If you want to track -STABLE, leave this uncommented.
src-all

# These are the individual collections that make up "src-all".  If you
# use these, be sure to comment out "src-all" above.
#src-base
#src-bin
#src-cddl
#src-contrib
#src-etc
#src-games
#src-gnu
#src-include
#src-kerberos5
#src-kerberosIV
#src-lib
#src-libexec
#src-release
#src-rescue
#src-sbin
#src-share
#src-sys
#src-tools
#src-usrbin
#src-usrsbin
# These are the individual collections that make up FreeBSD's crypto
# collection. They are no longer export-restricted and are a part of
# src-all
#src-crypto
#src-eBones
#src-secure
#src-sys-crypto
   ports-all tag=.
   doc-all tag=.
```


----------



## mousaka (Jan 21, 2009)

You're src-tree is RELENG_7_0 which is 7.0-RELEASE plus all security fixes.

mousaka


----------

