From owner-freebsd-stable@FreeBSD.ORG Wed Dec 22 03:13:56 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6139716A4CE for ; Wed, 22 Dec 2004 03:13:56 +0000 (GMT) Received: from elvenbow.nc.kyushu-u.ac.jp (elvenbow.nc.kyushu-u.ac.jp [133.5.6.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1FD4843D3F for ; Wed, 22 Dec 2004 03:13:55 +0000 (GMT) (envelope-from kasahara@nc.kyushu-u.ac.jp) Received: from localhost (kasahara@elvenbow.nc.kyushu-u.ac.jp [IPv6:::1]) iBM3DqJO000817; Wed, 22 Dec 2004 12:13:52 +0900 (JST) (envelope-from kasahara@nc.kyushu-u.ac.jp) Date: Wed, 22 Dec 2004 12:13:51 +0900 (JST) Message-Id: <20041222.121351.52176614.kasahara@nc.kyushu-u.ac.jp> To: distro.watch@msa.hinet.net From: Yoshiaki Kasahara In-Reply-To: <200412220952.01107.distro.watch@msa.hinet.net> References: <200412220106.iBM16JlF080958@drugs.dv.isc.org> <200412220952.01107.distro.watch@msa.hinet.net> X-Fingerprint: CDA2 B6B6 6796 0DD3 9D80 2602 E909 4623 A15E A074 X-URL: http://www.nc.kyushu-u.ac.jp/~kasahara/ X-Mailer: Mew version 4.1.50 on Emacs 21.3.50 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: stable@freebsd.org Subject: Re: PHP vulnerability and portupgrade X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Dec 2004 03:13:56 -0000 On Wed, 22 Dec 2004 09:52:01 +0800, Ladislav Bodnar said: > Thanks a lot for your reply. If I understand things correctly, I need to > maintain two cvsup files - one that tracks security issues in the base > FreeBSD 5.3 system (tag=RELENG_5_3, src-all) and one for the ports > collection (tag=. , ports-all). Then every time I receive a FreeBSD > security advisory I run cvsup on the former, and every time portaudit tells > me about a new security issue in the ports collection, I run cvsup on the > latter, then use portupgrade to upgrade vulnerable ports. > > Is this correct? To do it easier, you can set some variables in /etc/make.conf as follows: SUP_UPDATE= yes SUP= /usr/local/bin/cvsup SUPFLAGS= -g -L 2 SUPHOST= cvsup.jp.FreeBSD.org (<- change as you like) SUPFILE= /usr/share/examples/cvsup/stable-supfile PORTSSUPFILE= /usr/share/examples/cvsup/ports-supfile Then type 'make update' in /usr/src. Your source tree will be updated using stable-supfile, and your ports tree will be updated using ports-supfile. Maybe you need to edit stable-supfile to retrieve RELENG_5_3. See /usr/share/examples/etc/make.conf and /usr/share/examples/cvsup/README for the detail. Regards, -- Yoshiaki Kasahara Computing and Communications Center, Kyushu University kasahara@nc.kyushu-u.ac.jp