From: Yann Golanski
To: rihad
Cc: freebsd-stable@freebsd.org
Date: Tue, 20 Dec 2005 08:39:13 +0000
Subject: Re: ports security branch
Message-ID: <20051220083913.GA505@kierun.org>
In-Reply-To: <43A7A3F7.7060500@mail.ru>

Quoth rihad on Tue, Dec 20, 2005 at 10:25:59 +0400
> Is there a security branch for the FreeBSD ports collection? Let's say,
> I installed FreeBSD 6.0 together with all needed -RELEASE ports/packages
> (i.e., those on the CD). Running security/portaudit after a while
> reveals that some of the installed packages have vulnerabilities. Am I
> on my own to go grab the fresh ports tree, and upgrade the affected
> software, suffering all the intricacies of the move by myself? Debian
> GNU/Linux has its security package updates, OpenBSD has a separately
> maintained "errata" ports branch (it's very likely you still get to
> download a newer release of the software, though).

Attached is a script I use to update my machines. It works fine but you
need to understand what it does and not run it blindly. DO NOT put that
in cron, there lies pain!

Otherwise, just run the script and it will update all your ports for
you. It'll even mail you with the updated ports.

-- 
yann@kierun.org                  -=*=-                  www.kierun.org
PGP:   009D 7287 C4A7 FD4F 1680  06E4 F751 7006 9DE2 6318

[Attachment: PORT.update]

#!/bin/sh
# portupgrade script.
# Run from /usr/ports: the make targets below belong to the ports tree Makefile.

### variables.
day=`date +%d`
month=`date +%b`
year=`date +%Y`
host=`uname -n`
tmp=".upgrade.tmp"    # scratch file for the mail report (relative to the current directory)

### Does what it does...
# Refresh the ports tree and its index, then read UPDATING before going further.
#/usr/local/bin/cvsup -g -L 2 /usr/ports/CVSUP
make update
make fetchindex
less /usr/ports/UPDATING

# Ask for confirmation; anything other than y/Y aborts.
echo 'Do you want to update the port tree? [yn]?'
read -p '[y]es or [n]o: ' -e val
case ${val} in
    [yY])
        echo 'Updating the port collection now!!!...'
        ;;
    [nN])
        echo 'Aborting NOW!!!...'
        exit;
        ;;
    *)
        echo 'What the hell?... I am aborting now.'
        exit;
        ;;
esac

#/usr/local/sbin/portsdb -Uu
# Fix up the package database, then archive /var/db/pkg before upgrading.
/usr/local/sbin/pkgdb -F
/usr/bin/tar ycf "/var/db/$year-$month-$day-pkg.tbz2" /var/db/pkg
# Upgrade all installed ports; the results list goes to /usr/ports/LATEST.update.
/usr/local/sbin/portupgrade -C -u -v -r -R -a -l /usr/ports/LATEST.update
# Fetch the current portaudit database, audit the installed packages,
# and mail the audit output plus the sorted results list to root.
/usr/local/sbin/portaudit -Fad > "$tmp"
echo '' >> "$tmp"
cat /usr/ports/LATEST.update | sort >> "$tmp"
cat "$tmp" | mail -s "Portupdate $host on $day $month $year" "root@$host"
/usr/local/sbin/portsclean -C -L -P -D
# Local script on the author's machine; not part of this post.
/usr/home/yann/bin/aide.sh

### reporting.
echo ''
echo 'This is what has been updated today:'
/usr/bin/grep -v '^\-' /usr/ports/LATEST.update | sort
echo ''
exit