Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 20 Nov 2012 14:50:35 +0100
From:      richard bader <richard@bader-muenchen.de>
To:        freebsd-security@freebsd.org
Cc:        richard@bader-muenchen.de
Subject:   Re: Clarrification on whether portsnap was affected by the 2012 compromise
Message-ID:  <50AB8AAB.7050102@bader-muenchen.de>
In-Reply-To: <50AB7BFC.7040506@tipstrade.net>
References:  <50AB6029.4090608@tipstrade.net> <20121120121530.GC88593@in-addr.com> <50AB7BFC.7040506@tipstrade.net>

next in thread | previous in thread | raw e-mail | index | archive | help
Am 20.11.2012 13:47, schrieb John Bayly:
> On 20/11/12 12:15, Gary Palmer wrote:
>> On Tue, Nov 20, 2012 at 10:49:13AM +0000, John Bayly wrote:
>>> Regarding the 2012 compromise, I'm a little confused as to what was and
>>> wasn't affected:
>>>
>>> >From the release:
>>>> or of any ports compiled from trees obtained via any means other than
>>>> through svn.freebsd.org or one of its mirrors
>>> Does that mean that any ports updated using the standard "portsnap
>>> fetch" may have been affected, I'm guessing yes.
>>>
>> " We have also verified that the most recently-available portsnap(8) snapshot matches the ports Subversion repository, and so can be fully trusted."
> I suppose that implies that the previous portsnap snapshots couldn't be
> [completely] trusted. Basically I wanted to know whether I had to go
> through all the ports I've updated from the snapshots within the given
> time frame and to a portupgrade --force on them. In the end I decided
> yes (luckily it's only on a single box)-unsubscribe@freebsd.org"
So what ist the way to get a 'secure' portscollection?
first update with  'portsnap -f /etc/portsnap.conf  fetch update '
and then 'portupgrade -caDf'



-- 
Dipl.Ing.Bader Richard GmbH, Helferichstrasse 32, 80999 Muenchen
Tel.:  +49 89 892205 31
Fax.:  +49 89 892205 33
http://www.bader-muenchen.de




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50AB8AAB.7050102>