Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 20 Nov 2003 04:30:33 -0600
From:      Bryan Cassidy <b_cassidy@bellsouth.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: Security question
Message-ID:  <20031120043033.6ebb0c87.b_cassidy@bellsouth.net>
In-Reply-To: <001201c3af35$0f565730$0599a440@linuxops.com>
References:  <000801c3ae5b$44595cf0$0599a440@linuxops.com> <44fzgk4egj.fsf@be-well.ilk.org> <3FBBA719.5010404@dhap.com> <20031120011849.644d36fb.b_cassidy@bellsouth.net> <001201c3af35$0f565730$0599a440@linuxops.com>

next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I personally use the ports tree for installing software. To update the
whole ports tree you could run

cvsup -g -L 2 /usr/share/examples/cvsup/ports-supfile

to get the latest ports *with* the patches for that port.

You can also use cvsup to update your source (/usr/src)

I also use portupgrade to update the installed ports. I have never used
pkg_* because I have always felt pretty comfortable with the ports and
feel no need to switch. I'm sure if openssh has some patches/fixes or
whatever done to the package it will be updated so you can use it.
Example. If you used the ports and gaim-8.0 came out but you only had
0.70 or whatever then all you would need to do is update your ports
(like I showed u above) and do a portupgrade gaim and it would update it
with the latest fixes/patches/version changes or whatever and resolve
any depends. you may need. Using the ports is just a personal reference.
I do recommend it though. Plesae check out this for further reading on
cvsup

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html

On Wed, 19 Nov 2003 23:08:06 -0800
"Kevin McKay" <kevin@dhap.com> wrote:

> Thanks Bryan,
> 
> Two other questions, if I do a pkg_add -r openssh today and then the
> same command in 6 months will it always be the same precompiled binary
> sitting on the server? Or are they updated with patches from time to
> time?  how does the openssh port binary differ from the oepnssh system
> binary? I have looked all through the handbook and faq's but could not
> find a definitive answer.
> 
> Thanks
> Kevin McKay
> 
> ----- Original Message ----- 
> From: "Bryan Cassidy" <b_cassidy@bellsouth.net>
> To: "Kevin McKay" <kevin@dhapdigital.com>
> Cc: <freebsd-questions@freebsd.org>
> Sent: Wednesday, November 19, 2003 11:18 PM
> Subject: Re: Security question
> 
> 
> > I don't know anything about using sysinstall for security
> > patches/upgrades etc. WHat your looking for I think is cvsup. Please
> > read the handbook on Using CVSUP to get the latests source updates,
> > security patches for your release and even updating to a different
> > RELEASE or -CURRENT or -STABLE.
> >
> > On Wed, 19 Nov 2003 09:23:37 -0800
> > Kevin McKay <kevin@dhapdigital.com> wrote:
> >
> > > So it will not just grab the latest patched binaries for 5.1? I am
> > > not
> > >
> > > sure I understand. Is it just for updating between releases and
> > > not for keeping the current release up to date?
> > >
> > > Kevin
> > >
> > > Lowell Gilbert wrote:
> > >
> > > >"Kevin McKay" <kevin@dhap.com> writes:
> > > >
> > > >
> > > >
> > > >>I have read through the documentation but have not been able to
> > > >find>a definite answer. I am running a pretty core install of 5.1
> > > >minimal>+ bind9, postfix, apache, ssh, no ports collection. Here
> > > >is my>question. When I run the binary update from sysinstall will
> > > >that>take care of the earlier ssh vulnerability and update apache
> > > >postfix>and bind to the most current version?
> > > >>
> > > >>
> > > >
> > > >You normally need to run the sysinstall from the version you're
> > > >updating to.  You could configure your system's sysinstall to
> > > >load in the later version, and it should be compatible, but I
> > > >don't know the syntax for that offhand...
> > > >
> > > >
> > >
> > > _______________________________________________
> > > freebsd-questions@freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > To unsubscribe, send any mail to
> > > "freebsd-questions-unsubscribe@freebsd.org"
> >
> 
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQE/vJfJjnOL7dYm/EQRAh42AJ9IoVVzzRF8Qb9ykPGV2twsFfpHIwCg4uMO
QzUGdPvRWH7Y6Kf8NzRAIj0=
=U+z7
-----END PGP SIGNATURE-----



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031120043033.6ebb0c87.b_cassidy>