From owner-freebsd-questions@FreeBSD.ORG Thu Oct 14 12:33:08 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 62B0516A4CE for ; Thu, 14 Oct 2004 12:33:08 +0000 (GMT) Received: from smtp18.wxs.nl (smtp18.wxs.nl [195.121.6.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id 67D2F43D4C for ; Thu, 14 Oct 2004 12:33:07 +0000 (GMT) (envelope-from freebsd@akruijff.dds.nl) Received: from kruij557.speed.planet.nl (ipd50a97ba.speed.planet.nl [213.10.151.186]) by smtp18.wxs.nl (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0I5K009Y3QV5RX@smtp18.wxs.nl> for freebsd-questions@freebsd.org; Thu, 14 Oct 2004 14:33:06 +0200 (CEST) Received: from alex.lan (localhost [127.0.0.1]) by kruij557.speed.planet.nl (8.12.10/8.12.10) with ESMTP id i9ECX5Hu002118; Thu, 14 Oct 2004 14:33:05 +0200 Received: (from akruijff@localhost) by alex.lan (8.12.10/8.12.10/Submit) id i9ECX49P002117; Thu, 14 Oct 2004 14:33:04 +0200 Content-return: prohibited Date: Thu, 14 Oct 2004 14:33:04 +0200 From: Alex de Kruijff In-reply-to: <200410141357.35619.haimat@lame.at> To: "Matthias F. Brandstetter" Message-id: <20041014123304.GA1066@alex.lan> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Content-disposition: inline User-Agent: Mutt/1.4.2.1i References: <200410141357.35619.haimat@lame.at> X-Authentication-warning: alex.lan: akruijff set sender to freebsd@akruijff.dds.nl using -f cc: FreeBSD Mailing List Subject: Re: where to find security updates? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Oct 2004 12:33:08 -0000 On Thu, Oct 14, 2004 at 01:57:35PM +0200, Matthias F. Brandstetter wrote: > Hi all, > > I am somewhat new to FreeBSD, and so not 100% used to this ports and > portaudit system. > > My daily sec. output says, that my installed "mod_php4-4.3.8_2" has two > vulnerabilities. So I did an "cvsup /root/ports-supfile" and a "make > search=mod_php4" afterwards. But I can only see "mod_php4-4.3.6" now, > which does not look like an update to "mod_php4-4.3.8_2". You go wrong here. There doesn't exist a command 'make search=...' it should be 'make search name=mod_php4'. Because of this you have compiled (but not installed) all recursive ports. To fix this do: make clean from /usr/ports (this takes a while) The most recent for me is: mod_php4-4.3.4_7,1 If you run 'pkg_version | grep php' then you can see if the port is newer than the one you installed. A < means that this is the case. > Now my question is: How should/can I update mod_php4, if there is no update > available? First install portupgrade: # cd /usr/ports/sysutils/portupgrade/ # make install && make clean Then do: # rehash # portupgrade -fR mod_php4 The R also compiles all ports that php4 uses and the f force a recompile of ports that are of the current version. Its not allways required but I've had some trouble with php. This solved the problem for me. -- Alex Please copy the original recipients, otherwise I may not read your reply. WWW: http://www.kruijff.org/alex/FreeBSD/