Date: Wed, 5 May 2004 13:45:38 +0100 (WEST) From: Jose Carlos Pereria <freebsd@abismo.org> To: freebsd-questions@freebsd.org Subject: ports, security and updates Message-ID: <Pine.LNX.4.44.0405051216500.29178-100000@misty.EUnet.pt>
next in thread | raw e-mail | index | archive | help
Hello there I'm fairly recent to FreeBSD, and a issue regarding the ports has come up that is bothering me a little (FreeBSD 4.9-RELEASE-p4 , i386). I installed portaudit which has been warning me about a problem with the mysql I have installed. portaudit -a Affected package: mysql-client-4.0.18_1 Type of problem: MySQL insecure temporary file creation (mysqlbug). Reference: <http://people.freebsd.org/~eik/portaudit/2e129846-8fbb-11d8-8b29-0020ed76ef5a.html>; 1 problem(s) in your installed packages found. Although this bug isn't bothering me (chmod 0000 /usr/local/bin/mysqlbug), the fact that no port fix has come out is! :) This is either due to: a) a fix hasn't been applied to the port b) I'm doing something wrong in the cvsup Before today I was inclinded for option b), but I have just updated a few security related packages (png,rsync,...) using the same method, but I'd like to be sure... The steps I follow: cvsup -L 2 supfile portsdb -Uu pkgdb -F portversion -l "<" portupgrade -r packages_to_upgrade supfile: ################################################## *default host=cvsup.uk.FreeBSD.org *default base=/usr/local/etc/cvsup *default prefix=/usr *default release=cvs delete use-rel-suffix compress *default tag=RELENG_4_9 src-all ports-all tag=. ################################################## Any comments/advice? thanks in advance -- José Carlos Pereira
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.44.0405051216500.29178-100000>