From owner-freebsd-questions@FreeBSD.ORG Wed May 5 05:46:06 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3A40216A4CE for ; Wed, 5 May 2004 05:46:06 -0700 (PDT) Received: from misty.EUnet.pt (misty.EUnet.pt [193.126.1.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id 21FFC43D3F for ; Wed, 5 May 2004 05:46:05 -0700 (PDT) (envelope-from freebsd@abismo.org) Received: from localhost (lists@localhost) by misty.EUnet.pt (8.11.6/8.11.6) with ESMTP id i45Cjcr29489 for ; Wed, 5 May 2004 13:45:38 +0100 X-Authentication-Warning: misty.EUnet.pt: lists owned process doing -bs Date: Wed, 5 May 2004 13:45:38 +0100 (WEST) From: Jose Carlos Pereria X-X-Sender: lists@misty.EUnet.pt To: freebsd-questions@freebsd.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT Subject: ports, security and updates X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 May 2004 12:46:06 -0000 Hello there I'm fairly recent to FreeBSD, and a issue regarding the ports has come up that is bothering me a little (FreeBSD 4.9-RELEASE-p4 , i386). I installed portaudit which has been warning me about a problem with the mysql I have installed. portaudit -a Affected package: mysql-client-4.0.18_1 Type of problem: MySQL insecure temporary file creation (mysqlbug). Reference: 1 problem(s) in your installed packages found. Although this bug isn't bothering me (chmod 0000 /usr/local/bin/mysqlbug), the fact that no port fix has come out is! :) This is either due to: a) a fix hasn't been applied to the port b) I'm doing something wrong in the cvsup Before today I was inclinded for option b), but I have just updated a few security related packages (png,rsync,...) using the same method, but I'd like to be sure... The steps I follow: cvsup -L 2 supfile portsdb -Uu pkgdb -F portversion -l "<" portupgrade -r packages_to_upgrade supfile: ################################################## *default host=cvsup.uk.FreeBSD.org *default base=/usr/local/etc/cvsup *default prefix=/usr *default release=cvs delete use-rel-suffix compress *default tag=RELENG_4_9 src-all ports-all tag=. ################################################## Any comments/advice? thanks in advance -- José Carlos Pereira