Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 19 Dec 2005 13:01:17 -0600
From:      Paul Schmehl <pauls@utdallas.edu>
To:        freebsd-questions@freebsd.org
Subject:   Re: ports security branch
Message-ID:  <124C8EC79D9A6FBB2A645B28@Paul-Schmehls-Computer.local>
In-Reply-To: <43A6CA19.5020100@mail.ru>
References:  <43A6CA19.5020100@mail.ru>

next in thread | previous in thread | raw e-mail | index | archive | help
--On December 19, 2005 6:56:25 PM +0400 rihad <rihad@mail.ru> wrote:

> Is there a security branch for the FreeBSD ports collection?  Let's say,
> I installed FreeBSD 6.0 together with all needed -RELEASE ports/packages.
> Running security/portaudit after a while reveals that some of the
> installed packages have vulnerabilities. Am I on my own to go grab the
> fresh ports tree, and upgrade the affected software, suffering all the
> intricacies of the move by myself? Debian GNU/Linux has its security
> package updates, OpenBSD has a separately maintained "errata" ports
> branch (you still get to download a newer release of the software, though
> (IIRC)).
>
On your own, but not in the sense you may think.  If you cvsup your ports 
(I do it nightly for all my servers), then you can simply run portupgrade 
and all the affected ports will be upgraded (assuming you use the right 
switches - I use -ai because I want to be able to decline to upgrade a port 
if it's going to affect a lot of people and then schedule it for later that 
same day or the next.)

I'm not sure what you mean by "suffering all the intricacies".  Cvsup will 
fetch all the ports that have updates (assuming you use the right config - 
man is your friend), so you really don't have to do much except launch 
cvsup (if you haven't already scheduled it routinely) and then launch 
portupgrade once cvsup is done.

When I set up a new server, one of the first things I do, before installing 
any applications, is run cvsup to update everything.  Then I setup cvsup to 
run nightly, and only then to I begin installing whatever applications that 
particular server might need.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?124C8EC79D9A6FBB2A645B28>