http://www.daemonology.net/freebsd-update/
Binary Security Updates for FreeBSD
FreeBSD Update is a system for automatically building, distributing, fetching,
and applying binary security updates for FreeBSD.
This makes it possible to easily track the FreeBSD security branches without
the need for fetching the source tree and recompiling
(except on the machine building the updates, of course).
Updates are cryptographically signed; they are also distributed as
binary diffs using my binary diff tool, which dramatically reduces the
bandwidth used.
FreeBSD Update is designed for updating systems which have started with a
binary install of an official FreeBSD RELEASE, and which have not had any
files recompiled locally.
Versions of FreeBSD Update prior to 1.4 silently ignore any files which have
been modified (or recompiled) locally; those files are not updated.
If you have recompiled any part of the FreeBSD world locally,
make sure you're not running a pre-1.4 version of FreeBSD Update.
FreeBSD Update 1.4 will complain about files which have been locally modified.
It still can't update them; but it will print a warning message to alert you
to the fact that those files may have security issues which FreeBSD Update is
not patching.
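
The check behind that warning, as an added sketch that is not FreeBSD Update's own code: it assumes local modification is detected by comparing each installed file's hash with the known release and patched hashes. The index format and the function names are hypothetical, and the sample tree is constructed.

```shell
# Added illustration, not FreeBSD Update's code. The index format
# "path|release_hash|patched_hash" is an assumption made for this example.

# SHA-256 of a file: sha256sum(1) where present, else FreeBSD's sha256(1).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1
    else
        sha256 -q "$1"
    fi
}

# classify_tree INDEX ROOT prints one line per indexed file:
#   UPDATE   matches the release binary, safe to replace
#   OK       already matches the patched binary
#   WARN     matches neither: locally modified or recompiled, so it cannot
#            be patched and may still carry the security issue
#   MISSING  not installed
classify_tree() {
    while IFS='|' read -r path release patched; do
        [ -n "$path" ] || continue
        [ -f "$2/$path" ] || { echo "MISSING $path"; continue; }
        actual=$(hash_file "$2/$path")
        case "$actual" in
            "$release") echo "UPDATE $path" ;;
            "$patched") echo "OK $path" ;;
            *)          echo "WARN $path" ;;
        esac
    done < "$1"
}

# Constructed sample tree: text files stand in for release/patched binaries.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/bin"
    printf 'release build\n' > "$root/rel"
    printf 'patched build\n' > "$root/new"
    rel=$(hash_file "$root/rel"); new=$(hash_file "$root/new")
    cp "$root/rel" "$root/bin/ls"             # untouched release binary
    cp "$root/new" "$root/bin/cp"             # already patched
    printf 'local build\n' > "$root/bin/cat"  # recompiled locally
    for f in bin/ls bin/cp bin/cat bin/ed; do # bin/ed is not installed
        printf '%s|%s|%s\n' "$f" "$rel" "$new"
    done > "$root/index"
    classify_tree "$root/index" "$root"
    rm -rf "$root"
}
demo
```

A pre-1.4 client corresponds to dropping the WARN lines without printing them, which is why a locally rebuilt file could stay vulnerable unnoticed.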
FreeBSD Update 1.5 adds support for updating systems which have had files
recompiled locally. To use this, you must know which "distribution branch"
your system has; on FreeBSD 4.x, these are "crypto", "nocrypto", "krb4",
and "krb5". These correspond to the default, NOCRYPT, MAKE_KERBEROS4,
and MAKE_KERBEROS5 options in make.conf. Read the included manual page for
details about how to use this option. Be aware that FreeBSD Update cannot
distinguish between intentionally modified files and those which have merely
been recompiled. If you use this option, make sure you read the list of files
shown before installing them.
Version 1.4.1 of the server (update building) code is available here with MD5
hash 4979f33f1d4509fe739b0c5022c3f91b.
Version 1.5 of the client (update fetching and applying) code is available
from the FreeBSD ports tree as security/freebsd-update.
I used to have a link to the tarball here, but lots of people managed to
install it wrong; so I'm not going to link to it.
The ports tree will set it up properly; take advantage of it.
(If you just want to look at the code, rather than wanting to install it...
go look in the ports tree.)
At present, I am building updates for 4.7-RELEASE, 4.8-RELEASE and 4.9-RELEASE.
Thanks to generous donations from BSD Mall, a large number of slashdot.jp
readers, and a number of other people, I now have a system with which I will be
building updates for 5.0-RELEASE, 5.1-RELEASE, and 5.2-RELEASE very soon.
(I've been waiting for -CURRENT to stabilize a bit.)
If you find this service helpful, please consider donating to support this
(and its graduate student maintainer).
I presented a paper about this at BSDCon'03; the paper is available here in
postscript, pdf, and HTML formats. My presentation slides are available in
PowerPoint format.
For the insatiably curious, I have some usage statistics available.